BlackCat continues attempting to extort healthcare entities

BlackCat has been busy and continues to attack the healthcare sector here and abroad. Visitors to their leak site this week saw listings for:

Coachella Valley Collection Service, a service that provides debt collection services, including “medical, retail, commercial, judgment, and check debt collection.” BlackCat (aka AlphV) claims to have acquired 575 GB of data including employee personal information, internal company documents, clients’ documents with Social Security numbers, loan data and more, and a complete network map including login credentials for local and remote services.

AlphV listing for Coachella Valley Collection Service. Some screencaps were provided as proof of claims. Two of the image files are of now-expired driver’s licenses.Image and redaction by

Kansas Joint & Spine Specialists

BlackCat claims to have downloaded 467 GB of data from this provider’s servers, including employee personal information, internal company documents, clients’ documents with Social Security numbers, loan data and more.

AlphV writes:467 GB data has been downloaded from company file servers, including: - Internal Company Data (Employees personal data, CV's, DL's, ID's, SSN's, Financial reports, Accounting data, Loans data, Insurance, Agreements and much more); - Clients documentation (DL's, ID's, SSN's, Financial data, Credit cards information, Loans data, Agreements and much more); - Complete network map including credentials for local and remote services; - And more…
Listing for Kansas Joint & Spine included some screencaps with two driver’s licenses, a passport, a Social Security number, and a named doctor’s personal and professional details in a resume. Image and redaction by

Barts Health NHS Trust

A group of hospitals provide a huge range of clinical services to people in east London and beyond. AlphV’s listing claims to have 7 TB of data of the kind described for the previous two listings. There are six screencaps as proof, each of which is either a photo image such as a driver’s license or passport. There is also a disciplinary record on an employee.

Perhaps their presence on AlphV’s site is reason to hope that more victims in the healthcare sector are refusing to pay extortion demands. Healthcare victims have generally been more likely to pay than victims in other sectors, in great part due to the risk to patient safety and patient care if their ability to function is impacted. But not all attacks on the healthcare sector put patient safety or patient care at imminent risk. A collections firm may be a business associate that maintains patient data on payments and related information, but is that a justification to pay extortion if they are attacked? See Paying the Ransom for a discussion of some tough decisions facing hospitals, but keep in mind that not all entities are hospitals or involved in urgent care.

About the author: Dissent

Comments are closed.