BlackCat adds NextGen to its leak site, but …. where did it go?

On January 17, BlackCat (aka ALPHV) added NextGen to their leak site.

Screenshot of listing on BlackCat's leak site with redacted screencaps BlackCat provided as proof of claims.
BlackCat’s listing for NextGen included some screenshots as proof of access to their files, but the images were not of particularly sensitive information. Images redacted by

On January 19, DataBreaches sent an email inquiry to NextGen asking when they were attacked, whether files had been encrypted, and whether any employee data or patient data had been accessed or exfiltrated.

NextGen responded promptly and then sent the following statement:

NextGen Healthcare is aware of this claim and we have been working with leading cybersecurity experts to investigate and remediate. We immediately contained the threat, secured our network, and have returned to normal operations. Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or exfiltration of client data. The privacy and security of our client information is of the utmost importance to us.

Their statement was silent about whether they have any evidence that employee data or any patient data had been accessed, locked, and/or exfiltrated.

On January 20, DataBreaches reached out to BlackCat to ask if they would be willing to provide any proof that they had actually accessed or exfiltrated any of NextGen’s client data. Their spokesperson on Tox, “Admin,” responded that they do not disclose information about their companies, adding:

Companies do not want these cases to be known by three people.
Sorry, can’t help you.
We can provide data and all information if the company does not pay us.

Whether DataBreaches’ inquiries to NextGen and BlackCat had any effect is unknown to DataBreaches, but when BlackCat’s site was checked today, NextGen’s listing could no longer be found.

Is it down for updating or is it down because of negotiations or for some other reason? DataBreaches does not know but will continue monitoring the site and situation.

About the author: Dissent

Comments are closed.