BlackCat adds a community behavioral health center in Alabama to its leak site (UPDATED)

AlphV (aka BlackCat) threat actors have added Highland Health Systems in Alabama to their leak site.

As proof of claims, they have leaked a number of files with employee and patient data or information, including part of a psychiatric intake form with a narrative from 2008. Other files are more current.

Highland Health Systems is part of the Behavioral Healthcare Alliance of Alabama. As part of its services, it provides treatment for those with substance abuse problems. The image below contains information on clients in a co-occurring substance abuse program:

As proof of access to Highland Health System’s network, BlackCat leaked files, including this one with ClientID, first and last name, whether the client had dependent children (Y/N), what substance they were abusing, how the substance was ingested (oral, smoking, injection), and if there was a second substance also being abused, what type of substance. Redacted by

BlackCat’s message claims that they have patient logs, mental health records, SSNs, drivers licenses, and employee passwords.

“Juicy data will be listed on darkent marketplace within 5 days. Other data (1.8TB) will be published within 5 days,” they write.

Of special note, they claim they will be contacting all patients and employees by phone and offering them the opportunity to pay to have their data removed from public leaks or darknet sales.

While it is not the first time threat actors have contacted patients directly to offer them the opportunity to pay to get their data removed, this is the second time in recent weeks DataBreaches has observed this being used when sensitive patient data is involved.

“HHS you still have some time to resolve the issue. CEO is welcome to chat with us,” they end their message.

DataBreaches sent a contact form inquiry to Highland asking about their incident response, but no reply was immediately available.

UPDATE:  On Sunday, AlphV removed the Highland listing from their leak site. When I inquired why, their spokesperson told me the attack had violated their prohibition against attacking non-profits.

When DataBreaches asked whether the individual had the data and could try to extort Highland on their own, AlphV’s spokesperson replied that we didn’t have to worry about that as the individual didn’t have the data.


About the author: Dissent

Comments are closed.