More data leaked from St. Rose Hospital ransomware incident

Since DataBreaches first reported that data from St. Rose Hospital had appeared on a popular hacking forum and appeared to be linked to the BianLian ransomware group, there have been some additional developments:

St. Rose Notified the California Attorney General’s Office

The notification, submitted to California on January 12,  states that Hayward Sisters Hospital d/b/a St. Rose Hospital was writing to supplement a preliminary notice of December 29, 2022 to patients. The letter goes on to state that on or about November 29, 2022, the hospital discovered suspicious activity on its computer systems. Their investigation revealed that unknown individuals had accessed their system on or about November 18, 2022.

The files that were accessed and acquired contained patients’ name, Social Security number, date of birth, e-mail address, and home address.

“At this time, we are not aware of any actual or attempted fraudulent misuse of your information as a result of this incident,” they write.

While perhaps it is accurate as worded, nowhere does St. Rose reveal that patient data had already been leaked on both the dark web and clear net.  And nowhere do they reveal that they were actually in contact with the threat actors and refused to pay ransom.

On December 29, DataBreaches had reached out to BianLian via Tox to ask them about the forum listing. A spokesperson for BianLian informed this site that the individual who had posted the listing was affiliated with them. They also informed DataBreaches that St. Rose had negotiated with them but refused to pay even after BianLian offered them what they described as a “huge discount.”  BianLian shared what they presented as the hospital’s response at the time:

We respectfully inform you that we will cannot pay you. We fully understand that you have our files and will take certain actions, but we simply are not able to pay. We thank you for your time and your willingness to help and we’re sorry it ended this way. Goodbye.

St. Rose has not responded to multiple inquiries from DataBreaches about the incident.

More Data Has Been Leaked

Since DataBreaches’ initial report on the incident, BianLian has leaked significantly more data from the hospital.  They claim to have exfiltrated 1.7 TB of data, and organized the leak by sections they call “IT,” “Accounting,” and “Hospital Stuff.” While the headings and subheadings suggest that there are files with employee data and patient data, it is not clear whether there are any patient medical record databases or databases with extensive protected health information.  DataBreaches has yet to examine the data leak, and this post may be updated at a later time.

As of publication, this incident has not appeared on HHS, and the total number of patients affected has not been disclosed.


About the author: Dissent

Leave a Reply

Your email address will not be published.Email address is required.

This site uses Akismet to reduce spam. Learn how your comment data is processed.