Correction and Update: Mount Locker team denies responsibility for Sonoma Valley Hospital attack
On November 9, DataBreaches.net published “Without Undue Delay” which catalogued health sector ransomware attacks where attackers had dumped patient data as part of an attempt to pressure their victims into paying ransom. That report was a companion to a post arguing that patients need to be notified sooner of ransomware dumps than HIPAA’s 60-day window might seem to allow.
In the report, DataBreaches.net wrote that the Mount Locker team was reportedly claiming responsibility for an October attack on
Sonoma Valley Hospital in California, and had reportedly dumped 75 GB of data. This site qualified its statements because
DataBreaches.net was unable to find any actual data dump, although the hospital’s name does appear on the threat actor’s leak site. The dump, reported by a well-known site, may have been removed as part of some renewed negotiations or something.
DataBreaches.net reached out to the threat actors to ask them about the reported dump, and today, received a response that denied they had attacked Sonoma Hospital. A spokesperson wrote:
Sadly to say our cartel partner did that. Mount team never attacks hospitals or direct infrastructure such as airports / water supply / etc.
We believe the risk of human death is extremely far from our business. But some cartel members don’t care...
We have removed a link. It was a repost from a partner that appeared on the news site due to a mistake by our staff. This should not happen anymore.