Approximately 43,000 patients of an immediate care facility and its associated primary care practice in Chicago may or may not know it yet, but threat actors gained access to protected health information in December and proceeded to exfiltrate more than 500 GB of files between December and May 10. Or so the threat actors claim.

On Monday, DataBreaches.net was contacted by an individual who claimed that Michigan Avenue Immediate Care had been hacked. “Stealed more that 580 gb personal information about ~43.000 patients including SSN , proof id and lab analyses , TEMPUS Covid info and more info,” the individual wrote, using a protonmail account.

A single 13-page file with a named patient’s registration form for Michigan Avenue Immediate Care (MAIC) was attached. The form contained demographic information about the patient, including their name, date of birth, address, telephone number, Social Security number, health insurance information, and medical history including lifestyle factors. That file also included a photocopy of the patient’s driver’s license and an April 2022 date for follow-up at Michigan Avenue Primary Care.

Finding no media coverage of any breach, no report to HHS, and nothing on MAIC’s website, DataBreaches reached out to MAIC via email with questions about the claimed attack. Receiving no reply, DataBreaches sent a second inquiry earlier today, only to have it bounce back with a 550:blocked message. DataBreaches then sent another email from this site’s domain email account. Although that email did not bounce back, no reply has been received.

With no information on MAIC’s or MAPC’s websites about any incident and no reply to emails, DataBreaches asked the threat actors if they would supply additional proof or details. They provided a 2.2 gigabit archive with protected health information (PHI) of patients.
In addition to individual files with PHI, approximately 30 files in the sample were batched insurance claims, with each page containing information on more than one patient. Batched claims included patient name, account number, date of service, provider name, health insurance plan, health insurance policy number, charges, and balance.

When asked for information about when the attack occurred, the threat actors replied (as in the original):

We has break his servers on december 2021 . We continued uploading his data until to 10 may . We collected data from Yosi System, Docman , Tempus Covid results and more another info . We demanded not big toll for confidential about this breach, but he only delay time, not paying .

Of note, they also informed DataBreaches that they had not encrypted any files.

Although the correspondent wrote to DataBreaches in English, default auto-text in emails, such as the “original message” divider, appeared in Russian. Somewhat surprisingly, they hesitated when DataBreaches asked how this site should refer to them, but when asked if DataBreaches might know them from any other hack or incident, they promptly replied, “Last our hack is Wycokck Country UG,” referring to the Unified Government of Wyandotte County and Kansas City incident, reported last month. That attack, which was discovered on April 16, was still impacting some government services as of April 29.

Eventually, DataBreaches was told that they could be called “Targetware Team,” but DataBreaches is not confident that they used that name with WyCoKC or MAIC.

This post will be updated if MAIC responds to this site’s inquiries or if more information becomes available. As of the time of this publication, it is important to reiterate that MAIC has not confirmed any breach to DataBreaches, and if they did have a breach, it is not yet known to DataBreaches whether it was their breach or a third-party vendor’s breach.