The RansomHub group made headlines last February when, following a cyberattack on Change Healthcare, they disrupted operations for several weeks. Change Healthcare is the largest U.S. provider of revenue and payment cycle management, connecting payers, providers, and patients within the American healthcare system. A week ago, a RansomHub affiliate successfully breached the systems of another major U.S. medical entity, American Clinical Solutions, LLC (ACS).
ACS is a provider of medication confirmation services, offering prescription and illicit narcotics testing to healthcare professionals and medical facilities nationwide, with its headquarters in Florida.
In mid-May, a RansomHub affiliate managed to infiltrate ACS’s computer systems, exfiltrating a total of over 700GB of data, as reported on the group’s blog.
Screenshot and redaction by SuspectFile.com
Among these, over 35GB pertain to more than 400,000 medical records of patients who have undergone testing at the company’s laboratories.
We report some medical records in which patients’ PHI is visible; the documents refer to recent laboratory tests and show:
- Full name of the patient
- Date of birth
- Gender
- Patient ID
- Doctor’s name
- Name of the Clinic that requested the test
- Laboratory results
The file names are alphanumeric. If the first letter is a “U”, it indicates tests conducted on a urine sample, while if the first letter is an “O”, it indicates an oral test. The sequential number indicates the quantity of tests performed by the analysis laboratory.
Among the files stolen by the ransomware group, there are also names of insurance companies, health insurance policy numbers, SSNs, and patients’ phone numbers.
After exfiltrating the 700GB of data, RansomHub encrypted the entire network, disabling most of the company’s computers. The ransomware group has set tomorrow, May 25th, as the last day for ransom payment, after which the documents in its possession will be made public.
As of today, no statement has been published on the American Clinical Solutions website informing its employees and patients about the incident.
We have contacted American Clinical Solutions via email, but we have not received responses to our inquiries.
We will update the article as soon as we can provide further details on the case.