Cyber Incident Victim: Crossroads Technologies

The Crossroads Technologies incident involved a ransomware attack by the Maze Team threat actors, who listed the company on their dedicated leak site in January 2020. DataBreaches.net first reported on the attack during this period, noting that Crossroads Technologies was among the U.S. medical sector entities targeted by Maze. The attackers typically exfiltrated data before encrypting systems, then threatened to publicly release stolen information unless ransom demands were met. By late January 2020, at least one report related to the breach had been submitted to a state attorney general’s office, indicating initial regulatory awareness of the incident. Crossroads Technologies’ name was subsequently removed from Maze’s leak site, a common occurrence when victims negotiated payments or reached agreements with attackers.

The breach had significant downstream impacts due to Crossroads Technologies’ business relationships. Seventeen affiliated entities operating under Personal Touch Home Care ultimately reported the incident to federal and state regulators as a HIPAA breach. These reports, submitted to the U.S. Department of Health and Human Services (HHS), collectively disclosed that the personal and protected health information of over 157,000 patients was compromised. The scale of the breach stemmed from Crossroads’ role as a service provider to these healthcare entities, though the specific systems or data types accessed were not detailed in public disclosures. No patient notifications or public statements from Crossroads Technologies itself were identified in the source material, with all regulatory filings originating from the affected Personal Touch Home Care units. The incident exemplified the cascading risks posed by third-party vendor compromises in healthcare ecosystems.