Hackers have breached Albany ENT & Allergy Services, a medical specialty practice in upstate New York, compromising the personal and protected health information of nearly 224,500 employees and patients.
The incident, discovered in March, involved the theft of over 2 terabytes of data, according to RansomHouse, a dark web leak site. While Albany ENT & Allergy did not mention the ransomware attack and data exfiltration in its breach report, the practice is conducting a forensic investigation and taking steps to enhance security measures and training for employees.
RansomHouse, a relatively new extortion gang, listed Albany ENT & Allergy Services on its dark web leak site, claiming that the practice’s data was encrypted on March 23.
Although the practice did not disclose the attack in its breach report, it is actively investigating the incident and has acknowledged “suspicious activity” on its computer network in a sample breach notification letter. Patients were informed of “technical difficulties” on the practice’s Facebook page on March 27.
Albany ENT & Allergy Services is reviewing its privacy and security policies, implementing additional safeguards, and providing extra training to employees in response to the breach.
While the incident has not yet appeared on the U.S. Department of Health and Human Services’ data breach listing, RansomHouse has been linked to cyberattacks in the healthcare sector internationally, with the government of Catalonia blaming them for a ransomware attack on Hospital Clinic de Barcelona in March, which caused significant disruptions.
