Orrick, Herrington & Sutcliffe, the San Francisco-based company revealed last week that that during an attack in March 2023, threat actors stole personal information and critical health data of more than 637,000 data breach victims.
Orrick said that the hackers had taken massive amounts of data from its systems related to security incidents at other organizations, for which he provided legal assistance, in a series of letters notifying those impacted of the data breach.
Orrick informs that the data involved in the breach involved its customers’ data, including those with dental policies with Delta Dental, a major healthcare insurance network that covers millions of Americans' dental needs, and those with vision plans with insurance company EyeMed Vision Care.
The company further added that it had contacted with the U.S. Small Business Administration, the behavioral health giant Beacon Health Options (now Carelon), and the health insurance provider MultiPlan that their data was also exposed in Orrick's data breach.
Apparently, the stolen data includes victims’ names, dates of birth, postal address and email addresses, and government-issued identification numbers, such as Social Security numbers, passport and driver license numbers, and tax identification numbers. Also, information about patient’s medical treatment and diagnosis details, insurance claim like date and service-charges, and healthcare insurance numbers and provider details have been compromised.
Orrick further says that credit or debit card details as well as online account credentials were also involved in the breach.
Since the initial announcement of the breach, the number of affected individuals have been on the rise. In its recent breach notice, Orrick states that it “does not anticipate providing notifications on behalf of additional businesses,” however the company did not specify how it came to this conclusion.
Orrick said in December to a federal court in San Francisco that it reached a preliminary settlement to end four class action lawsuits that claimed Orrick failed to disclose the breach from victims for months after it had occurred.
“We are pleased to reach a settlement well within a year of the incident, which brings this matter to a close, and will continue our ongoing focus on protecting our systems and the information of our clients and our firm,” added Orrick’s spokesperson.
A revolutionary advancement in the realm of medical diagnostics has seen the emergence of cutting-edge AI tools. This ground-breaking technology identifies a variety of eye disorders with unmatched accuracy and has the potential to transform Parkinson's disease early detection.
Apparently, the ransomware gang stole more than 500,000 Social Security numbers and copies of the company’s employees’ driving licenses and passports. Also, other legal and financial documents are said to be compromised.
Prospect Medical Holdings—currently operating 16 hospitals spread across four U.S. states—confirms that the ransomware attack was launched earlier this month, because of which they have been facing issues in their online operations.
Moreover, several elective surgeries, outpatient appointments, blood drives and other services are put to hold owing to the attack.
According to a Prospect spokesperson, the company was unable to comment on the suspected data leak due to "the sensitivity of the incident and law enforcement involvement."
"Prospect Medical continues to work around-the-clock to recover critical systems and restore their integrity[…]We are making significant progress. Some operational systems have been fully restored and we are in the process of bringing others online," the spokesperson said.
Rhysida confirmed Prospect as one of its victims on its dark web site this Thursday, stating that it had taken 1.3 terabytes of SQL data and 1 terabyte of "unique" files.
Certainly, if the ransom demands are not fulfilled, the ransomware group has threatened the firm to expose their victims’ names to their site.
Rhysida, in a listing, says that it will auction off "more than 500,000 SNNs, passports of their clients and employees, driver's licenses, patient files (profile, medical history), financial and legal documents!!!"
The auction apparently ends in nine days, with 50 Bitcoins as ransom, per the listing.
Rhysida first came to light in May, however the government officials and cybersecurity professionals claim to have already known about the group, following instances of the group targeting critical infrastructure organizations in recent months.
Also, the Department of Health and Human Services (HHS) published an advisory in regards to the group, since Rhysida’s prime targets involved organizations in the health and public health sector. They further noted that Rhysida’s victims also involved firms in the education and manufacturing sectors.
HHS has advised organizations to patch known security flaws present in their systems and install data back-ups in case they are taken offline. Moreover, they recommended phishing awareness training programs for employees.