Atlanta-based software company Young Consulting recently reported that an attacker from the ransomware organization ‘BlackSuit’ stole 954,177 individuals’ personal information.
On August 26, 2024, Young Consulting notified affected individuals that their personal information was stolen during a ransomware attack from April 10, 2024, to April 13, 2024.
The Russian-speaking subdivision of the former ‘Conti ransomware’ group, known as BlackSuit, targeted names, birthdates, Social Security numbers, and insurance policy information.
While the investigation is ongoing, it has been confirmed that some affected data belonged to Blue Shield of California and other HIPAA-covered entities.
According to the Young Consulting notice of data privacy event, the organization stated, “As part of our ongoing commitment to the privacy of information in our care, we are reviewing our policies, procedures, and processes related to the storage and access of sensitive information to prevent something like this from happening in the future.”
Ransomware attacks usually involve data exfiltration before encrypting the victim's systems. BlackSuit actors often use phishing emails to access their target. Once inside, they disable antivirus software, exfiltrate large amounts of data, and then use ransomware to encrypt the system. If a ransom is not paid, BlackSuit resorts to extortion, threatening to publish the stolen data on a leak site.
Their ransom demands usually range between $1 million and $10 million, payable in Bitcoin, with total demands exceeding $500 million. Although the group will negotiate payment amounts, their victims must interact directly with the threat actors via a .onion URL accessible through the Tor browser, provided after encryption.
According to the Cybersecurity and Infrastructure Security Agency (CISA), there has been an increase in instances where victims received follow-up communications from BlackSuit actors via phone or email to negotiate payment amounts.
Learn more: Understanding and managing a HIPAA breach
Personal data is a prime target for ransomware gangs like BlackSuit. The theft and potential exposure of personally identifiable information (PII) compromises affected individuals' privacy and security,
So, to prevent these attacks, CISA urges HIPAA-covered entities to remediate known exploited vulnerabilities, train staff to recognize and report phishing attempts and use multifactor authentication across their networks.
Learn more: HIPAA Compliant Email: The Definitive Guide
Protected health information (PHI) is any information that can be used to identify a patient and relates to their health status, treatment, or payment for healthcare.
Personally identifiable information (PII) includes any data that can be used to identify a specific individual, like names, addresses, and Social Security numbers.
A breach occurs when an unauthorized party gains access, uses, or discloses PII or PHI without permission. Breaches include hacking, losing a device containing this data, or sharing information with unauthorized individuals.