Cyber Incident Victim: Coastal Family Health Center

Date: May 2021

Location: United States of America

Summary

Coastal Family Health Center experienced a cyberattack by the Xing Team, resulting in the unauthorized exfiltration and public release of approximately 506 GB of sensitive data. The breach exposed extensive personal and protected health information, including patient medical histories, lab results, HIV/AIDS-related records, financial verification documents, driver's license copies, and files related to school sports screenings and services for homeless individuals. The threat actor published the data on their leak site, claiming the organization refused to cooperate with their demands. The compromised information spanned recent patient interactions and operational records, though the center's subsequent public communications did not disclose the full scope of the dark web data exposure.

Description

On or around May 24, 2021, Coastal Family Health Center, a Mississippi-based healthcare provider, appeared on the leak site of the ransomware group Xing Team. The group claimed the organization refused to cooperate in addressing the vulnerabilities that enabled the breach, prompting them to publish 506 GB of exfiltrated data. The dumped files contained a wide array of sensitive information, including personally identifiable information (PII), protected health information (PHI), financial records, appointment histories, medical histories, insurance details, and lab results. Specific folders within the data dump revealed photocopies of over 900 driver’s licenses, documents related to sports team screenings conducted in partnership with a public school district, and eligibility forms for healthcare services targeting homeless individuals, which included financial and income verification details. A substantial number of files pertained to patients seen in April 2021 and early May 2021, indicating the breach impacted recent medical interactions. Notably, multiple files contained sensitive health information related to patients with AIDS or HIV-positive status, amplifying potential privacy risks.

Coastal Family Health Center did not respond to multiple inquiries from DataBreaches.net regarding the incident in May 2021. By early July 2021, the organization issued a press release acknowledging the breach but omitted any reference to the 506 GB dark web data dump. The breach had not yet appeared on the U.S. Department of Health and Human Services (HHS) public breach tool as of the July 5, 2021, update to the original report. The exposed data’s scope suggested a significant number of patients required notification, though the entity did not disclose the exact number or the methodology for determining affected individuals. The breach included operational documents, such as contracts and financial records, alongside patient data, indicating broad system access by the attackers. No details were provided regarding Coastal’s incident response actions, containment measures, or system restoration efforts. The prolonged exposure of sensitive data, particularly HIV-related records and financial verification forms, raised concerns about long-term risks to patient privacy and identity security.
