"The RansomHub threat group has recently announced on its data leak site that one of its affiliates has breached the network of American Clinical Solutions (ACS), a Boca Raton, FL-based provider of urine and oral fluid drug confirmation testing services.
According to the listing on the data leak site, RansomHub breached ACS’s systems in mid-May and stole the data of more than 500,000 individuals who had samples tested for prescription and narcotic drugs. According to Marco A. De Felice of SuspectFile, the exfiltrated data includes 35 GB of medical records. The documents examined by De Felice included the full name of the patient, their date of birth, gender, patient ID, doctor’s name, name of the clinic that requested the test, and the laboratory results, with some files also including policy numbers, Social Security numbers, insurance data, and phone numbers.
RansomHub claims to have encrypted files on the network and gave a deadline of May 25, 2024, to pay the ransom to prevent the publication of the stolen data. On May 27, 2024, the leak site only included a 67.2 MB sample of the stolen data. ACS has yet to issue a statement about the incident."
https://www.hipaajournal.com/ransomhub-american-clinical-solutions/
"The RansomHub threat group has recently announced on its data leak site that one of its affiliates has breached the network of American Clinical Solutions (ACS), a Boca Raton, FL-based provider of urine and oral fluid drug confirmation testing services.
According to the listing on the data leak site, RansomHub breached ACS’s systems in mid-May and stole the data of more than 500,000 individuals who had samples tested for prescription and narcotic drugs. According to Marco A. De Felice of SuspectFile, the exfiltrated data includes 35 GB of medical records. The documents examined by De Felice included the full name of the patient, their date of birth, gender, patient ID, doctor’s name, name of the clinic that requested the test, and the laboratory results, with some files also including policy numbers, Social Security numbers, insurance data, and phone numbers.
RansomHub claims to have encrypted files on the network and gave a deadline of May 25, 2024, to pay the ransom to prevent the publication of the stolen data. On May 27, 2024, the leak site only included a 67.2 MB sample of the stolen data. ACS has yet to issue a statement about the incident."