Cyber Incident Victim: Atlantic Dialysis Management Services

Date: Jun 2022

Location: United States of America

Summary

Atlantic Dialysis Management Services experienced a cybersecurity incident involving unauthorized access to its systems, prompting immediate network security measures and a forensic investigation. The breach potentially exposed sensitive patient information, including names, addresses, Social Security numbers, dates of birth, medical diagnoses, treatment details, insurance data, and prescription records. Contrary to the organization's public statements downplaying data exposure, a threat actor known as Snatch Team leaked substantial volumes of stolen files containing unredacted patient records, clinical reports, medication summaries, and research protocols detailing adverse events in hemodialysis studies. The leaked data included highly specific personal and medical details despite ADMS asserting only limited access occurred and no evidence of misuse existed. The discrepancy between the organization's notifications and the confirmed data leak raised concerns about transparency regarding the incident's severity.

Description

Atlantic Dialysis Management Services (ADMS) detected unauthorized activity within its computer systems on June 9, 2022. The organization immediately secured its network, reset passwords, and engaged a third-party forensic firm to investigate. The investigation confirmed that a limited amount of patient information might have been accessed, though ADMS stated there was no evidence of misuse at the time. On June 30, 2022, after observing a listing for ADMS data on a leak site, an independent cybersecurity outlet contacted ADMS via their website contact form but received no response. By July 20, threat actors operating under the name "Snatch Team" leaked 812 MB of ADMS files on their platform. The outlet again attempted contact with ADMS on July 22 without success.

ADMS issued a public statement on August 5, 2022, acknowledging the potential access of patient data but omitting any reference to confirmed data exfiltration or leaks. The notice specified that compromised information could include patient names, addresses, Social Security numbers, dates of birth, medical diagnoses, treatment details, health insurance information, and prescription data, with variability in impacted data per individual. Forensic analysis was ongoing to identify affected individuals for notification. However, evidence contradicted ADMS’s characterization of the incident: Snatch Team had already leaked files containing unredacted patient records with names, contact information, Social Security numbers, insurance details, dialysis service records, and clinical summaries prior to the August 5 statement. On August 14, Snatch Team provided the cybersecurity outlet with a sample of over 400 additional unreleased files, including research protocols documenting serious adverse events in hemodialysis patients (with anonymized participant demographics and medical details), redacted clinical reports, medication summaries with patient identifiers, and unredacted discharge summaries. Excel and Word files from studies also exposed patient names and treatment specifics. ADMS did not disclose the extortion attempt or existing data leaks in its communications, and the breach had not yet appeared in HHS’s public breach database at the time of reporting, leaving the total number of affected patients undisclosed.
