BST & Co. CPAs LLC

BST & Co. CPAs LLC, also known as BST, is a certified public accounting firm organized as a limited liability company. Its headquarters is located in the United States of America. The firm provides accounting, auditing, tax, and advisory services to a range of clients. Among its clients are healthcare organizations, as evidenced by its relationship with Community Care Physicians, a large medical group. BST operates as a professional services firm that handles sensitive financial and personal information for its clients. The firm’s core practice centers on delivering CPA‑regulated services in accordance with professional standards.

In December 2019, BST experienced a ransomware attack carried out by the Maze ransomware gang. The attackers infiltrated BST’s network and exfiltrated data belonging both to the firm’s employees and to its client Community Care Physicians. Exfiltrated information included patient names, birth dates, medical record numbers, insurance details, as well as employee Social Security numbers and payroll records. BST reported that it restored affected systems using backups and stated there was no confirmation of unauthorized data acquisition. Despite BST’s statement, Maze publicly posted the stolen files, including internal and client documents. Community Care Physicians notified affected individuals but reported no evidence of data misuse resulting from the breach. The incident highlighted the risks posed by third‑party vendor vulnerabilities in healthcare data chains.