BayMark Health Services this week confirmed it notified an undisclosed number of patients about a September 2024 data breach that compromised the following info:
- Names
- Social Security numbers
- Driver’s license numbers
- Dates of birth
- Services received
- Dates of service
- Insurance info
- Treatment provider
- Treatments
- Diagnostic info
BayMark operates hundreds of opioid treatment clinics and programs across the US and Canada.
Ransomware gang RansomHub claimed responsibility for the attack in October 2024, saying it stole 1.5 TB of data.
BayMark has not verified RansomHub’s claim. We do not yet know how many people were notified, if BayMark paid a ransom, how much RansomHub demanded, or how attackers breached BayMark’s network. Comparitech contacted BayMark for comment and will update this article if it replies.
“On October 11, 2024, we learned of an incident that disrupted the operations of some of our IT systems,” says BayMark’s notice (PDF) to victims. “Our investigation determined that an unauthorized party accessed some of the files on BayMark’s systems between September 24, 2024 and October 14, 2024.”
BayMark is offering eligible victims free credit monitoring and identity theft protection via Equifax.
Who is RansomHub?
RansomHub runs on a ransomware-as-a-service model in which affiliates pay to use the group’s malware and infrastructure to launch their own attacks and collect ransoms. RansomHub is behind high-profile attacks on Rite Aid, Christie’s auction house, Frontier Communications, and the Florida Department of Health.
RansomHub first starting posting organizations it hacked to its leak site in February 2024. Since then, it claimed responsibility for 90 confirmed ransomware attacks, compromising 5.5 million records. It claimed another 458 unconfirmed attacks that haven’t been acknowledged by targets, 16 of which it claimed in the last month. Its average ransom is $12.2 million, with the largest being a $50 demand from Libya’s Mellitah Oil & Gas in April.
Last month, RansomHub claimed attacks on Marietta City Schools, PSC Corporation, Fondo Genesis, and Tecta America.
Ransomware attacks on US healthcare
Ransomware attacks on US hospitals, clinics, and other care providers can both steal data and lock down systems until a ransom is paid for a key to unlock them. Care providers might have to cancel appointments and divert patients until systems are restored, which can have life-threatening consequences. Doctors might be unable to communicate with patients, write prescriptions, or access medical records.
In 2024, Comparitech researchers logged 126 ransomware attacks against US hospitals, clinics, and other care providers, compromising 21,753,826 records. The average ransom for these attacks is $4.7 million.
In another such attack, North Los Angeles Regional Center started notifying patients following a November 2024 ransomware attack claimed by Medusa, another ransomware gang demanding $300,000.
About BayMark Health Services
BayMark Health Services claims to be North America’s biggest provider of medication-assisted treatment for substance abuse disorders. Its services mostly focus on opioid addition treatment. Based in Texas, BayMark operates in more than 200 locations across the US and Canada. It employs more than 1,000 people, according to its LinkedIn profile.
Source link
-
-
/cdn.vox-cdn.com/uploads/chorus_asset/file/25826016/STK051_TIKTOKBAN_STK463_SCOTUS__CVirginia_B.jpg)
-
-
-
-
-
-
