Wyoming clinic Teton Orthopaedics over the weekend confirmed it notified an undisclosed number of patients about a January 2024 data breach that compromised names, addresses, dates of birth, health insurance info, and medical info. For a limited number of people, the breached data also included Social Security numbers, financial account info, passport info, and credit/debit card info.
Ransomware gang DragonForce claimed responsibility for the breach in March, saying it stole 5.5 GB of data from Teton Orthopedics. At the time, DragonForce gave Teton one week to pay an undisclosed sum in ransom.
The clinic has not verified DragonForce’s claim. We do not yet know how many people are affected, if Teton paid a ransom, how much DragonForce demanded, or how attackers breached Teton’s network. Comparitech contacted Teton Orthopaedics for comment and will update this article if it replies.
A breach disclosure submitted to the Maine attorney general says 21 people from that state were affected, though most of the victims probably live in or close to Wyoming.
“Teton Orthopaedics experienced a data incident between January 16, 2024, and March 25, 2024, which may have affected your personal information,” Teton’s notice (PDF) to victims states.
The clinic is offering eligible victims free identity theft protection and insurance via IDX.
Who is DragonForce?
DragonForce is a ransomware gang that first started posting targets to its leak site in December 2023. It operates a ransomware-as-a-service business in which customers pay to use DragonForce’s malware and infrastructure to launch attacks and collect ransoms. DragonForce often extorts victims twice: once for a decryption key to unlock infected systems, and again in exchange for not selling or publicly releasing stolen data.
DragonForce claimed 21 confirmed ransomware attacks since it first appeared, plus another 93 claims that weren’t acknowledged by targeted organizations.
Some of DragonForce’s biggest attacks hit the healthcare sector. It stole 64,000 people’s records from Heart of Texas Behavioral Health Network in October 2023, and 62,000 records from Greater Cincinnati Behavioral Health Services in December 2023.
Prior to Teton Orthopaedics, DragonForce’s most recent confirmed attack was on Mastery Schools in Pennsylvania, which the gang breached in September 2024.
Ransomware attacks on US healthcare
Ransomware attacks on US hospitals, clinics, and other care providers can both steal data and lock down systems until a ransom is paid for a key to unlock them. Care providers might have to cancel appointments and divert patients until systems are restored, which can have life-threatening consequences. Doctors might be unable to communicate with patients, write prescriptions, or access medical records.
Comparitech researchers logged 123 confirmed ransomware attacks on US hospitals, clinics, and other care providers in 2024, which compromised 21.4 million individual records. The average ransom demand was $1.06 million.
In another recent such attack, the Khalil Center sent data breach notices to 1,153 people following a December 2024 ransomware attack claimed by KillSec.
About Teton Orthopaedics
Teton Orthopaedics operates two outpatient clinics in Jackson and Pinedale, Wyoming. According to its website, it employs eight physicians and six physician assistants.
Source link
-
-
-
-
-
-
-
-
