Cyber Incident Victim: St. Rose Hospital
Date: Dec 2022
Location: United States of America
Summary
St. Rose Hospital experienced an unauthorized disclosure of sensitive data after a threat actor posted a sample of allegedly stolen information on a hacking forum. The full dataset reportedly contains 1.7 TB of internal documents, including patient medical records, personal details for approximately 20,000 patients and 1,600 staff members, financial information, building plans, and technical databases. The incident has been linked to the BianLian ransomware group based on their dedicated leak site activity, though the exact relationship between the forum poster and the group remains unclear. The hospital has not publicly acknowledged the breach or responded to multiple inquiries about the security incident.
Description
On December 20, 2023, a user on a popular hacking forum posted a listing containing documents allegedly exfiltrated from St. Rose Hospital in Hayward, California. The listing was presented as a "demo data pack" rather than a sale, offering proof of a larger 1.7 TB dataset claimed to be in the attacker's possession. Evidence within the demo pack confirmed the presence of genuine sensitive information, including staff personal data (1,600 records containing phone numbers, addresses, and Social Security Numbers), patient personal data (20,000 records with similar PII), and 195 GB of patient medical data such as scans and personal medical records. Additional compromised materials included financial records, business documents, building plans, accident reports detailing incidents like drug overdoses and harassment, project files, technical data (SQL databases and backups), and email archives. Analysis of file timestamps in the demo pack indicated the most recent documents originated in late October 2022, suggesting the breach likely occurred in November 2022 or later. The forum user did not disclose intentions for the full dataset, though private sale remained a possibility, and no evidence indicated whether the hospital had been contacted for extortion demands prior to the leak's publication.

DataBreaches.net attempted to contact both the forum user and St. Rose Hospital's media relations team on December 26 but received no responses. The hospital’s website showed no public statements acknowledging a breach or security incident as of the article’s publication. An update revealed the data matched material from BianLian’s dedicated leak site, though the relationship between the forum poster and the BianLian group remained unclear—the individual could have been a BianLian affiliate or an independent actor repurposing the data to enhance their reputation within the hacking community. The absence of hospital confirmation or remedial action notices left the scope of impacted individuals and systems unverified, while the public exposure of sensitive medical records, employee PII, and internal operational documents created significant privacy and operational risks for patients and staff.
