- BayMark Health Services confirmed that it suffered a cyber attack in September 2024
- Scammers have stolen Social Security numbers, driver’s license numbers and more
- The company does not want to say how many people are affected
BayMark Health Services, a US healthcare provider that helps people treat and recover from substance abuse and mental health issues, has confirmed it suffered a cyberattack and lost sensitive patient data.
In a filing with the California attorney general, which includes a letter sent to affected individuals, BayMark said the attack happened in September 2024, but did not say how many people lost their data:
“On October 11, 2024, we learned of an incident that disrupted the operation of some of our IT systems. We took immediate steps to secure our systems, initiated an investigation with the assistance of third-party forensic experts, and notified law enforcement,” the breach notification letter said. “Our investigation determined that an unauthorized party accessed some files on BayMark’s systems between September 24, 2024 and October 14, 2024. We then started a review and analysis of those files.”
RansomHub
The subsequent investigation, which was completed in early November, determined that the threat actors took social security numbers (SSN), driver’s license numbers, dates of birth, types of services received, dates of service, insurance information, treating service providers. and treatment/diagnostic data. More than enough for phishing, identity theft and other forms of cybercrime.
To mitigate the incident, BayMark is offering a year of free Equifax identity monitoring services to affected patients.
Although the company did not discuss who the attackers were, BleepingComputer discovered that the ransomware gang RansomHub took responsibility and added BayMark to its data breach site. There, the miscreants said they stole 1.5 TB of sensitive data, which they also uploaded to the leak site. This would mean that BayMark most likely did not pay the ransom demand.
RansomHub is a relatively young ransomware operation that emerged after the infamous ALPHV group stole $22 million from ChangeHealthcare and disappeared.
Via BleepingComputer