#healthsec

Health-care billing company Medical Billing Specialists Inc. (MBS Select) has been hit with a potential class action lawsuit over their 2024 breach.

Notifications first went out a year after the attack by Akira ransomware group.

databreaches.net/2025/02/26/me

h/t, Bloomberg Law.

Direct link to complaint: bloomberglaw.com/public/deskto

databreaches.net: Medical Billing Vendor Sued Over Health Data Leak ‘Gold Mine’ – DataBreaches.Net

So... apart from the fact that I don't think they should have dropped charges against this doctor, is HHS going to investigate why the hospital gave access to patient data to a former employee/resident who no longer worked there and was never these patients' doctor?

US Justice Department drops case against Texas doctor charged with leaking transgender care data:
wfaa.com/article/news/local/us

WFAA · US Justice Department drops case against Texas doctor charged with leaking transgender care data. By Jamie Stengle (Associated Press)

Unbelievable. Or maybe too believable...

I previously posted about Bolton Walk-in Clinic in Ontario not locking down their patient data despite multiple responsible disclosure alerts (infosec.exchange/@PogoWasRight). Then I reported that Canada's cybersecurity agency contacted me and offered to help (infosec.exchange/@PogoWasRight).

Well, they tried... but got no results either. Bolton Walk-In Clinic is still exposing patient data and didn't even do anything when contacted by Canadian federal police.

If any Canadian news outlet would like to report on this, get in touch. @JayeLTee and I will share the information with you (yes, I just volunteered him too). 😂

Or if anyone is in the vicinity of their clinic, maybe stand outside with a sign that says, "Bolton Walk-In Clinic is leaking patient data and ignoring alerts!" That might get some attention...

Bonus points if you get someone in a Santa outfit to stand outside their clinic with a sign that says "Bolton Walk-In Clinic is naughty -- they are leaking patient data."

Bolton Walk-In Clinic in Ontario: lock down your backup already!

DataBreaches hates reporting on an incident when the entity has not yet secured misconfigured storage, but after four months of futile efforts to get a Canadian clinic to respond to responsible disclosures, maybe publication will help get them off the dime.

Do any personal injury lawyers in Ontario, Canada, or folks in the Information and Privacy Commissioner of Ontario follow me? Maybe they can get something done.

Read more at:
databreaches.net/2024/12/03/bo

#misconfiguration #error #healthsec #dataleak #databreach #exposure #incidentresponse
#DontCallMeHoney

@brett

@wendynather Hmmm... maybe you can include something I reported on today where one non-profit had three breaches within one year that all involved employee email accounts:

databreaches.net/2024/10/31/ho

I want to know what #HHS is doing to help them or to enforce the #HIPAA Security Rule. You, @adamshostack, and @Tarah are all likely more constructive in your thinking, and I'd like to hear what you think should happen in the kind of situation I just reported.

databreaches.net: How many similar breaches can one entity have in one year before regulators do something? – DataBreaches.Net

I was just reading a follow-up on the Philippine Health Insurance (PhilHealth) breach by #Medusa in 2023, and I read something that struck me as unusual:

The govt didn't pay the TA's demands but what they did do was set up a portal where citizens could check to determine if Medusa had leaked their personal identification number.

I can't recall any govt or private sector entity ever creating a portal like that before. Can you? I mean, telling people to check HaveIBeenPwned is one thing, but to create a portal on a .gov domain to check what TAs leaked?

Portal: philhealthleak.privacy.gov.ph/

@campuscodi @zackwhittaker @brett @troyhunt

New dark web leak site reveals yet two more U.S. medical sector victims:

databreaches.net/new-leak-site

#DragonForce

#databreach #HealthSec #cybersecurity #infosec

This leak site first opened Dec. 13. I kinda doubt this DragonForce is the Malaysian hacktivist group by the same name. Does anyone know anything about THIS "DragonForce" group? Do they lock files? I've sent them a contact request, but so far, have no info on them.

@jgreig @BleepingComputer @brett @allan

www.databreaches.net: New leak site reveals yet two more U.S. medical sector victims. There’s a new leak site on the dark web this week, by an individual or individuals calling themself “DragonForce.” Most of the listings on...

Proliance Surgeons in Washington notified HHS that 437,392 patients were affected by a #ransomware attack that encrypted files and systems and resulted in some files being exfiltrated.

Their undated website notice about the incident does not disclose when the attack occurred or was first discovered, but it appeared to be earlier this year (circa February). They first notified HHS on November 20.

The information involved includes individual names, and one or more of the following: date of birth, Social Security number, medical treatment information, health insurance information, phone number, email address, financial account number, driver license or other identification information, and usernames and passwords.

I haven't seen any group claim responsibility for this breach and Proliance does not state whether they ever negotiated with the unnamed TAs or paid them. Has anyone seen any group claim responsibility for this one?

Questions to Proliance have been sent.

#databreach #incidentresponse #ransomware #transparency #infosec #HealthSec #cybersecurity #HIPAA

@brett @BleepingComputer @jgreig

Oh no.... The Ardent Health Services ransomware attack Thanksgiving week resulted in hospitals in multiple states diverting patients as they shut down networks to investigate and prevent spread.

I've compiled some preliminary info here:

databreaches.net/hospitals-in-

h/t, @ValeryMarchive and @brett

I haven't seen any group claim responsibility (yet). Has anyone?

Rhysida added Singing River Health System in Mississippi to their leak site. Four days left on the countdown clock and an asking price of 30 BTC for a single sale.

The attack was discovered August 19. Singing River hasn't issued any update since their August 31 update at singingriverhealthsystem.com/2. They reported that they had been able to restore their EPIC EMR system internally by that point.

Singing River Health System: Singing River Operations Update - Singing River Health System. Our electronic medical records system, Epic, has been brought back online internally, enabling us to continue delivering the level of care that our patients deserve.

RiteAid was just one of many victims of the #MOVEit #databreach by #Clop. Now they're being sued by plaintiffs who call them "reckless" and "negligent" for not having encrypted the protected health information.

Imagine if every covered entity or business associate who didn't encrypt #PHI and got hacked was sued over a vendor breach.

In this day and age where healthcare entities are under siege, is it somewhat reckless or negligent not to encrypt? And if not, will it ever be generally considered reckless and negligent?

databreaches.net/rite-aid-one-

www.databreaches.net: Rite Aid, one of many victims in MOVEit breach, sued for negligence. Rite Aid was one of numerous entities affected by the massive MOVEit breach. In July, they disclosed that 24,400 patients’ pharmacy information including...

On May 24, New England Life Center in Maine "learned of a data security incident that disrupted the operations of our computer systems."

They don't say "ransomware" or "malware" but say there was disruption. So of course, they also don't tell us whether there was any ransom demand.

They have since notified #HHS that 51,854 patients were being notified because of "could have" and "may have" etc.

Anyone seen this one on any leak site?

#databreach #HealthSec #HIPAA #HITECH #Infosec
#transparency

@brett @allan

Cyberattack is a factor in Illinois hospital’s closure:

edition.cnn.com/2023/06/12/pol

So they're saying that a 2021 incident that affected them for months is a factor in their closing now?

Oddly, although I had noted this incident in my recording sheets for February 2021, I never saw it reported on HHS's public breach tool, and still don't find it on that tool or archived reports. And I never saw data up for sale or any group claiming responsibility for this one. Anyone have more details or follow-up on it?

#databreach #ransomware #healthsec #infosec #cybersecurity

@brett @sawaba @allan @campuscodi