DataBreaches.net reports that Doctor Alliance, a business associate to covered entities in the healthcare sector, recently fell prey to a cyberattack that allegedly comprised 353 GB of patient files. Making matters even worse, after assuring clients that the vulnerability had been addressed and everything was secure, it was attacked again by the same threat actor who exploited the same vulnerability that they had announced had been secured.
This time, the threat actor acquired even more patient data. The threat actor, called “Kazu,” claims:
After seeing Vivek Kushalnagar Srinivas, the CEO of Doctor Alliance, proudly announce that the company had “fixed the vulnerability” on the same day our first message was published — we decided to dig deeper.
We decide to search and exploit more vulnerabilities in their system .
This time, we managed to extract a total of approximately 5 million files, including:
3,740,129 signed documents from all PGs (917 GB)
1,240,640 unsigned files (353 GB)
Total: nearly 1.27 terabytes of stolen data.
DataBreaches.net reports Kazu’s explanation:
DataBreaches asked Kazu whether the second attack involved the same vulnerability as the first attack. He responded that it did, and that he was able to gain access using an account with high privileges. When asked where/how he acquired the credentials, Kazu responded that Doctor Alliance reuses some admin passwords across multiple admin accounts, and he was able to find one by looking at infostealer logs. DataBreaches is unable to attempt to verify those claims.
If true, reusing admin passwords across multiple accounts is a serious cybersecurity flaw. Was the compromised login credential an older password that had never been changed? If so, that would be another flaw.
Read more at DataBreaches.net. It is not clear what Doctor Alliance is doing in response to the incident, as they have not posted any statement on their website.
In related coverage, SuspectFile discusses some mistakes they believe Doctor Alliance has made in incident response and transparency.
