[BreachExchange] Lorien Health Services discloses ransomware attack affecting nearly 50, 000

Destry Winant destry at riskbasedsecurity.com
Wed Jul 22 10:38:24 EDT 2020


https://www.bleepingcomputer.com/news/security/lorien-health-services-discloses-ransomware-attack-affecting-nearly-50-000/

Lorien Health Services in Maryland announced that it was the victim of
a ransomware incident in early June. Data was stolen and then
encrypted during the incident.

Responsible for the attack are Netwalker ransomware operators, who
leaked the information after Lorien refused to pay the ransom demand.

Social Security numbers accessed

The company says that the incident was detected on June 6 and
contracted services of cybersecurity experts to start an investigation
and determine the impact.

After four days, the verdict was that personal information had been
accessed by the hackers and it "may have included residents’ names,
Social Security numbers, dates of birth, addresses, and health
diagnosis and treatment information." Employee data was also accessed.

According to the breach notification sent to the Secretary of Health
and Human Services, the number of impacted individuals is 47,754.

Although Lorien just announced the breach publicly, Netwalker
operators made the incident known in mid-June, publishing screenshots
of directory listings with 2020 date stamps and admission records as
proof of compromise.

Netwalker leaks Lorien data

At the moment, some of the data has been dumped online. A
password-protected archive of 147MB is currently available via a
file-sharing service.

The hackers also published the unlock key for the archive and labeled
this cache "Part 1," indicating that they may leak more data in the
future.

Netwalker ransomware operation started under the name Mailto in
October 2019 and rebranded in February this year.

Their targets include corporate networks vulnerable to remote desktop
hacks but as the Lorien incident shows, they are not picky about who
they attack as long as they get paid.

As it typically happens with these attacks, the business informed the
FBI and is cooperating with the service providing details that may
help catch the perpetrators.

Lorien sent notification letters to "all potentially impacted
residents" on June 16, two days after the hackers announced a
successful attack. The letters included details about the attack and
the options for protecting personal information, along with
complimentary credit monitoring and identity protection services.


More information about the BreachExchange mailing list