On June 25, 2022, a representative of a threat group known as DAIXIN Team shared details of a ransomware attack and information theft incident at Fitzgibbon Hospital in Marshall, Missouri. The stolen data was published on a dark web resource site.
The published data consists of database tables taken from the MEDITECH database and sensitive files containing patient information taken from internal servers. 40GB of information was stolen during the attack; it contained names, birth dates, Social Security numbers, patient account numbers, medical record numbers, and medical and treatment details.
DAIXIN Team seems to be a new ransomware gang. Additional information about the group and the ransomware attack was acquired by databreaches.net. A shared chat log confirmed that a spokesperson for Fitzgibbon Hospital got in touch with DAIXIN Team to negotiate the ransom payment; however, no payment has been made thus far.
At this time, there is no breach notice posted on the Fitzgibbon Hospital web page, and the incident is not listed on the HHS’ Office for Civil Rights web portal, so it is unknown how many individuals were impacted. As of this writing, the leak site still has the stolen data available for download.
Christiana Spine Center Ransomware Attack
Christiana Spine Center, based in Newark, DE, has reported that it recently suffered a ransomware attack. The center discovered the attack on February 25, 2022, and took steps right away to contain it. Forensic and cybersecurity professionals investigated the breach and confirmed that files containing names, addresses, telephone numbers, medical insurance ID numbers, personal health data, and Social Security numbers were potentially accessed during the attack.
The analysis of the impacted files confirmed that approximately 3,500 patients were potentially affected. They received free memberships to a credit monitoring service for 12 months. Christiana Spine Center stated that no evidence was found to suggest theft or misuse of patient data.
Hive Ransomware Group Attack on Diskriter
The Hive ransomware gang issued a statement claiming responsibility for a ransomware attack on Diskriter. The Pittsburgh, PA-based company offers health information management, revenue cycle management, and transcription services. The group claims to have stolen 160GB of information before encrypting files. The stolen files contained software source code, financial information, employee details, sensitive business information, login information such as passwords and usernames, and files with patient information.
The attack apparently took place on June 8, 2022, and encrypted files, including backup files. As of this writing, no ransom payment has been made. Some stolen information is posted on the Hive ransomware gang's data leak site. Diskriter has not yet confirmed the attack, and it is uncertain how many individuals had their PHI exposed.