DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

UPDATE: Michigan Avenue Immediate Care in Chicago submits notification concerning 2021 cyberattack

Posted on July 1, 2022July 12, 2022 by Dissent

On May 18, DataBreaches.net broke the story about a cyberattack on Michigan Avenue Immediate Care in Chicago (MAIC). The threat actors who had attacked Unified Government of Wyandotte County and Kansas City in April claimed responsibility for the attack.

Despite multiple inquiries sent to MAIC, no response was ever received, but the threat actors provided DataBreaches with exclusive access to a large archive of data allegedly exfiltrated beginning in December 2021 and continuing to May 10, 2022. The data was described in this site’s previous report.

Yesterday, MAIC submitted notification template letters to the California Attorney General’s Office.

MAIC’s notice states that they first learned of a breach on May 1, 2022. That date corresponds to what the threat actors had told DataBreaches as the date they first contacted MAIC with their demands.

MAIC claims that on May 12, they learned that the files contained personal and protected health information. Their description in their templates to adult patients and parents of pediatric patients is consistent with what the threat actors had claimed and provided to DataBreaches.

Significantly, MAIC does not tell those being notified that the breach occurred last year — in November, based on the meta data in their report to the AG’s office, or in December, based on when exfiltration started according to the threat actors.

Nor does their notification explain why they only first found out on May 1 via notification by threat actors and they never detected the breach by any internal audits or means.

MAIC’s template notification for pediatric patients can be found here; the one for adult patients can be found here. MAIC informs people “so that you can be aware of the incident and take steps to help protect your child against identity theft or fraud, if you feel that is appropriate. Although we are not aware of any identity theft or fraudulent use of your child’s information in connection to this incident,” MAIC offers one  year of complimentary services.

MAIC may not be aware of any fraudulent use of data, but should they have notified people  that the data has already been shared and that the threat actors claimed to be selling the data? Would that lead to more people signing up for monitoring and remediation services?

Any report that they may have filed this week with HHS has yet to show up on the public breach portal. In the absence of any response from MAIC, DataBreaches had estimated 43,000 affected based on the data and information provided by the threat actors, but that number may be significantly different than what they report.

This post will be updated when a number is reported to HHS.

Updated July 12, 2022: And now we know:  144,104 were reported as affected by this breach.

Related Posts:

  • Immediate care facility in Chicago hacked in…
  • Lodi Unified School District reports breach…
  • Unified Government of Wyandotte County and Kansas…
  • Threat actors claim to have attacked City of Dade…
  • Bienville Orthopaedic Specialists notifies 243,000…

Post navigation

← Patient information compromised in OrthoNebraska data breach
Updating: Breach reports from Eye Care Leaders’ clients continue to add up →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Founder and Majority Owner of Cryptocurrency Exchange Pleads Guilty to Unlicensed Money Transmitting
  • Hackers hit Erris water in stance over Israel
  • Update: Cardiovascular Consultants Ltd. ransomware attack reportedly affected 500,000 patients, guarantors, and staff
  • Data breach by Addenbrooke’s Hospital reveals patient information
  • Millions of patient scans and health records spilling online thanks to decades-old protocol bug
  • Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)
  • Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
  • CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net