Warren General Hospital data breach: patient and employee data leaking on dark web

In Data Breach News, Healthcare
November 25, 2023

YourErie.com reports:

A northwest Pennsylvania hospital is warning both former and current patients and employees after suffering a data privacy event earlier this year that potentially affected their confidential information.

According to the hospital’s website, Warren General Hospital (WGH) announced on Nov., 9 they suffered a data privacy event that affected confidential information related to certain current and former WGH patients and/or current and former WGH employees.

[…]

That investigation found that an unknown individual accessed computer systems in the network between September 15, 2023, and September 23, 2023 and downloaded information including names, addresses, dates of birth, Social Security numbers, financial account information, payment card information, health insurance claims information from the network.

Medical information was also potentially affected including diagnosis, medications, lab results, and other treatment information.

Read more at YourErie.com.

Although not mentioned in their report, this incident was reported to the U.S. Department of Health and Human Services on November 9 as affecting 168,921 patients.

Also not mentioned on WGH’s website is that the threat actors are known and they are leaking the employee and patient data on the dark web because WGH has not met their extortion demands.

The ransomhouse listing

On November 14, the RansomHouse ransomware group added Warren General Hospital to their dark web leak site. At the time, they claimed that they had encrypted WGH’s files on September 23, and had exfiltrated 150 GB of data. A proofpack uploaded at the time contained a variety of confidentiality-related forms and files.

On November 25, RansomHouse updated their listing and dumped more files.

Ransomhouse’s Updated Listing Included Even More Files Than Their First Listing In November
RansomHouse’s updated listing included even more files than their first listing in November. Image: The Data Breach Times.

Files in the second proofpack contained more patient-related information such as template forms and staff-related forms, but also some personal information.

The RansomHouse listing indicates that the threat actors have more data that they have not leaked yet.