Netwalker Ransomware Stole Data After Targeting Lorien Health Services

Maryland-based nursing home facility Lorien Health Services has disclosed a ransomware attack. The incident impacted the data of around 50 thousand individuals.

Lorien Health Services Suffered Ransomware Attack

In a recent security note, Lorien Health Services disclosed that it suffered a ransomware attack.

As revealed, the incident hit the health facility on June 6, 2020, and the malware encrypted part of its data. Though, the facility quickly detected the incident and engaged cybersecurity experts to investigate the matter.

Consequently, on June 10, 2020, the investigated revealed that the attackers accessed personal information of Lorien Health Services customers.

According to the report Lorien Health Services submitted to the U.S. Department of Health and Human Services Office for Civil Rights (OCR), the incident precisely affected 47754 individuals.

Regarding the stolen information, the facility’s security notice revealed:

The information may have included residents’ names, Social Security numbers, dates of birth, addresses, and health diagnosis and treatment information.

Following the incident, the service reported the matter to the FBI and notified the affected customers of the matter.

They are also offering credit monitoring and identity protection services to the victims as well.

Netwalker Leaked Stolen Data Online

Though, Lorien Health Services did not specifically state anything about the attackers. Nonetheless, according to BleepingComputer, the service fell prey to the Netwalker ransomware gang.

As reported, Netwalker operators already disclosed the incident in June 2020, the same month of the attack. They shared screenshots of directory listings belonging to the facility as proof of the attack.

For now, they have dumped part of the stolen data online as a 147MB password-protected archive and the unlock key.

Besides, since they named this file as ‘Part 1’, they potentially hint about sharing more data in the future.

Though it remains unclear whether Lorien Health Services paid the ransom to the attackers, or the threat actors published the data as revenge for non-payment.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients