DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Oregon Sports Medicine allegedly hit by 8Base threat actors

Posted on August 8, 2023 by Dissent

Oregon Sports Medicine was added to 8Base’s leak site today. No files or filetree was offered as any proof of claims, but the threat actors claim that they acquired:

Invoice
Receipts
Accounting documents
Personal data
Certificates
Employment contracts
A huge amount of confidential information
Confidentiality agreements
Personal files of patients
Another

The listing indicates that the data were downloaded today and will be published on August 13 (presumably if there is no payment by then).

DataBreaches sent an inquiry to Oregon Sports Medicine seeking confirmation or denial of the claims and additional information but no reply was received.

SOCRadar has a recent article on 8Base, a group that has been around since 2022 but has seemingly become more publicly active in recent months. The Hacker News also provides coverage that includes links to a number of articles about the group.

Oregon Sports Medicine is not the first medical entity listed by 8Base. They previously claimed to have attacked Redwood Lab Services, ER of Dallas, and Smyrna Pediatrics. All three of those were allegedly attacked in or about November of 2022 and leaked in December — before 8Base had a leak site. The mega.nz links where 8Base claimed to have uploaded the entities’s data was were removed by Mega.nz for gross violation of terms of service.

Listings by 8Base for three medical entities with descriptions of kinds of data exfiltrated.

None of those three victims have any reports on HHS’s public breach tool, and DataBreaches has never seen any press release, substitute notice, or notification from any of the three. Emails or contact form inquiries were sent (again in one case) on August 6, but none of the three have responded.

In addition to the three allegedly attacked last year, 8Base also claimed to have attacked Kansas Medical Center in June of this year. KMC did not respond to an email inquiry sent July 11. On some date unknown to DataBreaches, the listing was removed from 8Base’s site.

8Base claimed to have attacked Kansas Medical Center in June of 2023. The listing was subsequently removed.

No breach report from Kansas Medical Center appears on HHS’s public breach tool, and DataBreaches has found no press release, substitute notice, or any notification by KMC. DataBreaches sent a second inquiry to KMC on August 6, but again, no reply was received.

DataBreaches reached out to 8Base to ask if they still had any data or proof from the three listings that still appear on the leak site. If they provide any evidence, or if any of the named alleged victims reply to inquiries, DataBreaches will update this post,


Related:

  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Authorities released free decryptor for Phobos and 8base ransomware
Category: Breach IncidentsHealth DataMalware

Post navigation

← Il: Cyberattack shuts down Bnei Brak hospital’s computers
Outrage at massive police data breach that saw the personal details of more than 10,000 PSNI officers and staff accidentally published online →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app
  • Au: Qantas hackers gave airline 72-hour deadline
  • Honeywell vulnerability exposes building systems to cyber attacks
  • Recent public service announcements of note — parents should take special note of these
  • Au: Junior doctor faces fresh toilet spying charges as probe widens to other major hospitals

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.