DataBreaches.net reports that a solo threat actor claims to have attacked two telehealth providers and exfiltrated patient data.
One of the providers, OpenLoop Health in Iowa, disclosed its incident to the California Attorney General’s Office. The disclosure does not reveal how many patients have been affected, but “Stuckin2019” (also known as “Stuck”) claims to have obtained information on 1.6 million patients. If or when the incident is reported to HHS or the Maine Attorney General’s Office, we may learn the total number of affected patients.
Data from the OpenLoop attack should not be available online. Stuck informed DataBreaches.net that OpenLoop paid him, so he had removed his listing about the breach from the popular hacking forum where it had been posted and deleted the data.
The second provider is Zealthy in New York. They have not disclosed any breach, nor responded to inquiries. According to Stuck, he obtained information on 2.1 million Zealthy patients, but unlike OpenLoop, Zealthy did not respond to his emails requesting payment to delete the data.
Read more about these incidents at DataBreaches.net.
