Cyber Incident Victim: Medical Healthcare Solutions
Date:
Oct 2021
Location:
United States of America
Summary
Medical Healthcare Solutions suffered a ransomware attack by the Conti group, leading to unauthorized access and exfiltration of sensitive personal and medical information. The breach involved data such as names, contact details, Social Security numbers, financial information, medical records, and insurance details. The company discovered the incident in mid-November, initiated an investigation, notified law enforcement, and implemented enhanced security measures. Impacted individuals, including over 118,000 Massachusetts residents, were notified months later and offered 24 months of credit monitoring and identity protection services. Conti subsequently leaked a significant portion of the stolen data on their public platforms, though the company’s communications did not explicitly acknowledge the public exposure of the compromised information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Medical Healthcare Solutions (MHS), a Massachusetts-based entity providing services to healthcare clients, experienced a cyber-incident involving unauthorized access to its data network. The attack occurred when Conti ransomware operators exfiltrated files from MHS’s systems between October 1 and October 4, 2021. Conti listed MHS on its dedicated leak site on October 27, 2021, indicating the attackers had already compromised the network and attempted extortion by that date. MHS did not publicly acknowledge the ransomware nature of the attack or identify Conti as the perpetrator. On November 19, 2021, MHS discovered that files might have been removed from its network, though the exact circumstances of this discovery were not disclosed. The company immediately shut down its data systems, initiated an investigation, and notified law enforcement. Additional security measures were implemented following the breach.
MHS completed its investigation by January 8, 2022, identifying the scope of impacted protected health information (PHI). On January 21, 2022, MHS began mailing notifications to affected individuals on behalf of its clients, Harvard Medical Faculty Physicians at Beth Israel Deaconess Medical Center and Associated Physicians of Harvard Medical Faculty Physicians. The compromised data included names, addresses, dates of birth, Social Security numbers, financial account details, medical record numbers, insurance information, diagnosis codes, treatment details, and prescription data. Conti leaked approximately 95% of the exfiltrated files publicly on January 15, 2022, distributing them via dark web and clearnet channels, though MHS’s notifications did not explicitly reference this exposure. MHS established a dedicated assistance line and offered 24 months of credit monitoring and identity protection services to impacted individuals. The incident was reported to the Massachusetts Attorney General’s Office on January 24, 2022, affecting 118,417 Massachusetts residents. As of the article’s publication, the breach had not appeared on the U.S. Department of Health and Human Services’ public breach portal, leaving the total number of affected patients unconfirmed.