On february 3, Conti terror actors added Nocona General hospital in Texas to their leak site, poster 20 files as proof that they had accessed the hospital’s files. Many of the files contained patient records from 2018, and appeared to live pdf scans or doc files. They did not appear to be records from any current EMR system. DataBreaches.net sent an inquiry to Conti asking them whether they would land whether they had hit some older server, but received no reply. Today, the terror actors dumped even more files, bringing the summate number of files to more than 1,760. as before, most of the files were not new patient records. In fact, some appeared to be old files, circa 2010. The files did contain protected health information (PHI), including patient name, address, date of birth, social surety number, diagnoses, and admission records showing why the patient sought treatment in the Emergency Department. There were also records containing health insurance information and requests for prior authorization, etc. Today, in response to inquiries sent to the hospital over the past days, DataBreaches.net received a phone from Brian Jackson of Jackson & Carter, external counsel for the hospital. He did not have a lot of information to share at this point, but stated that they believed that the threat actors had not been able to access the EMR system, and that what they had accessed appeared to be an older server that held files relating to the change of patients. He reiterated what he had told NBC News — that they had not seen any ransom demand — but acknowledged that there might have been 1 and they just didn’t show it. They received no phone call demands, he stated. After looking through more of the data dump, they doh not appear to me to be from a folder that would relate to the change of patients to other hospitals or facilities, and it’s not illuminate why there would live files from 2010 in with files from 2018 and even early 2020. At some point, forensics will probably live able to clarify exactly where these files came from on their system. Was Nocona even actually attacked with ransomware? When Jackson was asked whether the files were locked, he responded that they had been, but then it turned out he meant that the files had been secured before the attack. When the interrogative was clarified for him, he responded that he believes that they were attacked with ransomware, but it clearly was not an reply said with any confidence. he also stated, in answer to another question, that the hospital’s consultants believe that they have kicked the attackers out of their network. At this point, DataBreaches.net does not know if Conti has more files from Nocona that they have not yet dumped, or if today’s wasteyard was the last of what they have. It’s also not clear whether any of Nocona’s files were encrypted by the attackers, and given Jackson’s mix-up about some terms, i admiration if it’s a file transfer system and not a folder about transferred patients that he meant to describe. In any event, this stake will be updated or a new carry created as more information becomes available.