In recent days, the Medusa group published a series of proof files on their blog, stolen from the servers of the private oncology center Radiosurgery New York (RSNY), out of a total of over 64GB of data exfiltrated and subsequently encrypted.
By analyzing the file tree available on the .onion site, which contains over 44,000 lines of data, we were able to verify that most of these are PHI of oncology patients treated at RSNY. In one file, we were able to verify the presence of data for over 1,800 unique patients, including:
- Names and surnames
- Dates of birth
- Driving licenses
- Health insurance
- Medical Records Number (MRN)
- Medical diagnosis
- Type of examination performed
Screenshot and redaction by SuspectFile.com
There are also complete medical records of patients and their medical histories, including diagnostic tests and medical reports. The image below shows a portion of one of these records.
Screenshot and redaction by SuspectFile.com
As of today, no statement regarding the data theft has been published on the Radiosurgery New York website. We have therefore sent a request for comment on the data breach, but have not received any responses prior to the publication of this article.
We will update the article as soon as we are able to provide further details on the case.