DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

TX: Threat actors dump patient files from Nocona General Hospital

Posted on February 10, 2021 by Dissent

On February 3,  Conti threat actors added Nocona General Hospital in Texas to their leak site, posting 20 files as proof that they had accessed the hospital’s files.  Many of the files contained patient records from 2018, and appeared to be pdf scans or doc files. They did not appear to be records from any current EMR system.  DataBreaches.net sent an inquiry to Conti asking them whether they would state whether they had hit some older server, but  received no reply.

Today, the threat actors dumped even more files, bringing the total number of files to more than 1,760.

As before, most of the files were not new patient records. In fact, some appeared to be old files, circa 2010.  The files did contain protected health information (PHI), including patient name, address, date of birth, Social Security number, diagnoses, and admission records showing why the patient sought treatment in the Emergency Department. There were also records containing health insurance information and requests for prior authorization, etc.

Today, in response to inquiries sent to the hospital over the past days, DataBreaches.net received a call from Brian Jackson of Jackson & Carter, external counsel for the hospital. He did not have a lot of information to share at this point, but stated that they believed that the threat actors had not been able to access the EMR system, and that what they had accessed appeared to be an older server that held files relating to the transfer of patients.  He reiterated what he had told NBC News — that they had not seen any ransom demand — but acknowledged that there might have been one and they just didn’t read it.  They received no phone call demands, he stated.

After looking through more of the data dump, they do not appear to me to be from a folder that would relate to the transfer of patients to other hospitals or facilities, and it’s not clear why there would be files from 2010 in with files from 2018 and even early 2020.  At some point, forensics will probably be able to clarify exactly where these files came from on their system.

Was Nocona even actually attacked with ransomware? When Jackson was asked whether the files were locked, he responded that they had been, but then it turned out he meant that the files had been secured before the attack. When the question was clarified for him, he responded that he believes that they were attacked with ransomware, but it clearly was not an answer said with any confidence.  He also stated, in answer to another question, that the hospital’s consultants believe that they have kicked the attackers out of their network.

At this point, DataBreaches.net does not know if Conti has more files from Nocona that they have not yet dumped, or if today’s dump was the last of what they have. It’s also not clear whether any of Nocona’s files were encrypted by the attackers, and given Jackson’s confusion about some terms, I wonder if it’s a file transfer system and not a folder about transferred patients that he meant to describe. In any event, this post will be updated or a new post created as more information becomes available.

 

 

 

Related Posts:

  • Update: Nocona General Hospital "recently" learned…
  • British Columbia real estate agency sustains unusual…
  • Another hospital hit by ransomware: Mission…
  • SEPA Systems Knocked Offline by ‘Ongoing’ Ransomware Attack
  • Ransomware attacks on medical entities continue: a…

Post navigation

← University of Colorado responds to Accellion breach
NY: Syracuse University email hack compromises personal info of 9,800 →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Seeking clarification on Maine’s data breach notification statute
  • East River Medical Imaging notifies 605,809 patients of breach
  • Russian hackers exploiting Outlook bug to hijack Exchange accounts
  • Britain dismisses report claiming Sellafield nuclear site hacking, says no malware exists on our system
  • 23andMe data breach: Hackers accessed data of 6.9 million users
  • AlphV claims they have started contacting some of Tipalti’s clients (1)
  • Research: Privacy as Pretense: Empirically Mapping the Gap Between Legislative & Judicial Protections of Privacy
  • What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US.

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net