Getty Images/iStockphoto
Consulate Healthcare Provides Notice of Third-Party Vendor Data Breach
Consulate Healthcare provided notice of a third-party vendor data breach, but Hive ransomware claims to have targeted the organization directly.
Consulate Healthcare, which operates 140 nursing homes across the United States, began notifying an undetermined number of individuals of a third-party vendor data breach.
According to the notice on Consulate Healthcare’s website, cybercriminals targeted portions of the vendor’s network in early December and may have accessed records containing personal information. The investigation is still ongoing, but Consulate Healthcare notified patients of the incident in the interest of transparency.
“We are in regular touch with our vendor, and we are closely monitoring the investigation,” Consulate Healthcare stated. “We understand that they are working to finish the investigation as quickly as they can.”
According to DataBreaches.net, Hive ransomware group claimed responsibility for the attack, while also claiming that they attacked Consulate Healthcare directly rather than one of its vendors. Hive allegedly acquired a variety of sensitive data and added this information to its leak site.
Consulate Healthcare has not confirmed whether Hive’s claims are accurate or whether the vendor breach it reported was in fact the same breach that Hive referred to.
Retreat Behavioral Health Reports Ransomware Attack
Retreat Behavioral Health (RBH) reported a ransomware attack to the Maine Attorney General’s Office that impacted 23,620 individuals. RBH operates addiction treatment centers in Florida, Connecticut, and Pennsylvania.
According to the notice, RBH detected and stopped a ransomware attack on its systems on July 1, 2022. Further investigation identified a data set that may have been accessed by the threat actor. Despite discovering the attack in July, RBH notified impacted individuals of the breach on December 30.
The potentially compromised data included names, Social Security numbers, addresses, dates of birth, and medical and treatment information.
“Data security is one of our highest priorities. Upon detecting this incident, we moved quickly to initiate a response, which included retaining a leading forensic investigation firm who assisted in conducting an investigation along with the assistance of leading IT specialists to confirm the security of our network environment,” RBH noted.
“Additionally, we are coordinating with the FBI. We have also deployed additional monitoring tools and will continue to enhance the security of our systems.”