DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

Rundle Eye Care notifies patients of data breach

Posted on January 21, 2023February 3, 2023 by Dissent

At some time before or in early October, the Everest Ransom Team hacked Rundle Eye Care in California. On January 11, Drs. Keith and Herman Rundle notified patients and the California Attorney General’s Office about the incident.

In their notification, the doctors do not reveal precise dates of the attack or its discovery but claim that they recently

detected and stopped a network security incident. An unauthorized third party temporarily gained access to our network environment. Although we have found no evidence that your information has been specifically misused as a result of the incident, an investigation revealed that the following categories of your information which may have been exposed: name, date of birth, and treatment information.

Their notification to patients is dated approximately three months after the attack. And although the notification claims patient data “may have been exposed,” it does not tell patients their data was actually stolen and leaked publicly back in October.

Listing by Everest ransomware names Rundle Eye Care.
This listing appeared on Everest’s dark web leak site in early October 2022.

Everest’s listing on its leak site in early October claimed they acquired 30 GB of data from Rundle, including patient information. The listing also stated, “The owners of the company were notified of the incident in person and of the time frame. The company should contact us soon, otherwise more data will be released.”

According to Everest, then, the doctors knew back in October that the incident involved more than just exposure.

Whether Rundle’s physicians ever contacted Everest or not is unknown to DataBreaches, but on October 25, Everest leaked 20 GB of data on a well-known hacking forum accessible on the clear net and the dark web.

Screenshot of listing on hacking forum that offers data from Rundle Eye Care.
On October 25, Everest leaked data from Rundle Eye Care. Those files are no longer available at the free upload site but were at the time.

As of publication, there is no listing for this incident on HHS’s public breach tool and the total number of patients affected is unknown.

DataBreaches reached out to Everest Team to ask whether they had encrypted any of the files (they usually do not encrypt) and whether they had leaked all of the data they had exfiltrated. This post will be updated when a reply is received.

Update: On February 3, this incident was added to HHS’s breach tool with a submission date of January 12, 2023. The doctors reported that 7,528 patients were affected.

Related Posts:

  • SuperCare Health notifies 318,379 patients of July breach
  • IA: Southern Hills Eye Care Notifies Patients of…
  • Mission Community Hospital issues notification for…
  • AltaMed, BlueShield of California notify patients…
  • CommonSpirit Health Provides Cyberattack Update and…

Post navigation

← BlackCat adds NextGen to its leak site, but …. where did it go?
TSA ‘no fly’ list leaked after being found on unsecured airline server →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Founder and Majority Owner of Cryptocurrency Exchange Pleads Guilty to Unlicensed Money Transmitting
  • Hackers hit Erris water in stance over Israel
  • Update: Cardiovascular Consultants Ltd. ransomware attack reportedly affected 500,000 patients, guarantors, and staff
  • Data breach by Addenbrooke’s Hospital reveals patient information
  • Millions of patient scans and health records spilling online thanks to decades-old protocol bug
  • Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)
  • Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
  • CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net