Consultants in Pain Medicine yesterday confirmed it notified 2,062 Texans about a June 2024 data breach that compromised the following patient info:
- Names
- Social Security numbers
- Dates of Birth
- Driver’s license or other state-issued ID number
- Financial account into
- Passport numbers
- Medical info
- Health insurance policy info
Ransomware gang Inc claimed responsibility for the attack in August 2024. To prove its claim, the group posted images of what it says are confidential documents stolen from CIPM.
The San Antonio-based physicians’ association has not verified Inc’s claim. We do not know whether CIPM paid a ransom, how much Inc demanded, or how attackers breached CIPM’s network. Comparitech contacted CIPM for comment and will update this article if it replies.
“We discovered unauthorized access to our network occurred between June 26, 2024 and July 7, 2024,” says CIPM’s notice (PDF) to victims.
CIPM is offering eligible victims–those whose Social Security numbers were compromised–free credit monitoring.
Who is Inc Ransomware?
Inc Ransomware emerged in July 2023 and targets a wide range of victims in healthcare, education, and government. Its methods involve spear phishing and exploiting known vulnerabilities in software.
Inc has claimed responsibility for 81 confirmed ransomware attacks since it started posting targets to its data leak site, plus another 160 claims that haven’t been confirmed or acknowledged by targeted organizations. Healthcare organizations make up the biggest portion of those attacks: 33 confirmed and 33 unconfirmed.
Inc’s other recently-confirmed targets include the International AIDS Vaccine Initiative (IAVI), Menominee Tribal Clinic, and Spectrum Medical Imaging.
Outside of the healthcare industry, Inc also recently claimed responsibility for an attack on the city of McKinney, Texas.
Ransomware attacks on US healthcare
Ransomware attacks on hospitals, clinics, and other care providers can lock down computer systems and steal data. Targets are forced to either pay a ransom or face extended downtime, data loss, and putting customers at risk of fraud. Ransomware can cripple a wide range of systems including access to medical records, appointment booking, payroll, prescriptions, patient communications, and more.
In 2024, Comparitech researchers logged 138 confirmed ransomware attacks on US hospitals, clinics, and other direct care providers, compromising more than 23.5 million records. The average ransom is $1.03 million.
In 2025, we tracked two confirmed attacks on Frederick Health and New York Blood Center Enterprises. Another 39 such attacks have been claimed by ransomware groups but not acknowledged by the targeted organizations.
About Consultants in Pain Medicine
Consultants in Pain Medicine is an association of five physicians based in San Antonio, Texas who focus on pain management: Shaun Jackson, Stephanie Jones, Raul Martinez, Mark Moran, and Scott Worrich.
Source link
-
-
-
-
-
-
-
-
