Fitzgibbon Hospital, Diskriter, Christiana Spine Center Suffer Ransomware Attacks

On June 25, 2022, a spokesperson for a threat group called DAIXIN Team contacted HIPAA Journal to share information about a ransomware attack and data theft incident at Fitzgibbon Hospital in Marshall, Missouri. A link was shared to a dark web resource where data stolen in the attack has been published.

The published data includes database tables from the MEDITECH database, and sensitive documents containing patient data stolen from internal servers. In total, 40GB of data was stolen in the attack and included names, dates of birth, medical record numbers, patient account numbers, Social Security numbers, and medical and treatment information.

DAIXIN Team was previously not known to HIPAA Journal and appears to be a new ransomware group. Further information on the group and the attack has been obtained by and confirmed through a shared chat log that a representative for Fitzgibbon Hospital had made contact with DAIXIN Team to negotiate the ransom payment, but no payment has been made to date.

There is currently no breach notice on the Fitzgibbon Hospital website, and no reported breach at this stage on the HHS’ Office for Civil Rights website, so it is unclear how many patients have been affected. At the time of writing, the stolen data is still available for download.

Please see the HIPAA Journal Privacy Policy

Hive Ransomware Threat Group Attacks Health Information Management Service Provider

The Hive ransomware group has claimed to have conducted a ransomware attack on Diskriter, a Pittsburgh, PA-based provider of health information management, transcription, and revenue cycle management services. The group claims to have exfiltrated 160GB of data prior to file encryption, including files containing software source code, financial data, employee information, sensitive business data, login data including passwords and usernames, and files containing patient data.

The attack was allegedly conducted on June 8, 2022, and in addition to encrypting files, backup files were also encrypted. At the time of writing, the ransom has not been paid. Some of the stolen data has been published on the Hive ransomware gang’s data leak website. Diskriter has not publicly confirmed the attack at this point and it is unclear how many patients have had their protected health information exposed.

Ransomware Attack Reported by Christiana Spine Center

Newark, DE-based Christiana Spine Center has confirmed it was the victim of a recent ransomware attack. The attack was detected on February 25, 2022, and steps were immediately taken to contain the attack. Forensic and cybersecurity experts were engaged to investigate the breach and determined files containing names, addresses, phone numbers, social security numbers, health insurance identification numbers, and personal health information may have been accessed in the attack.

The review of the affected files confirmed up to 3,500 patients may have been affected. They have been offered complimentary 12-month memberships to a credit monitoring service. Christiana Spine Center said no evidence was found to indicate any patient data has been stolen or misused.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.