Bloody hell, have you heard the latest one about The Eye Clinic Surgicenter? It’s a right old riddle, it is. Get a load of this – it looks like this bunch of healthcare pros over in Montana have been on the receiving end of not one, but two cyberattacks, and here’s the kicker – they’re from two different groups. Cheeky blighters, right?
Last week, the underworld of cyber villains got a new addition. A group of miscreants operating under the vaguely comical alias ‘Meow Leaks’ targeted The Eye Clinic Surgicenter, reportedly pilfering away a whopping 59 GB of data. What’s the ransom for such a haul, you ask? Meow Leaks have apparently slapped a $50,000 price tag for exclusive rights to the stolen data package and half that for a non-exclusive purchase. This is not your sibling bargaining your favourite sweets for the TV remote, folks… it’s serious stuff.
Wondering what’s included in this deviously obtained bundle? The claims made by Meow certainly raise eyebrows. It seems they’ve got a combination of employee identities (nothing like your full name, social security number, and driver’s license to get the blood pumping), medical records of patients, and a side of internal doc-bits from the practice. Quite the recipe for disaster, wouldn’t you say?
But, plot twist: Our friends at DataBreaches.net poked their noses around and discovered something interesting. Earlier this year, another group of digital marauders, aptly named ‘Black Suit’, also had The Eye Clinic Surgicenter in their crosshairs. They managed to gather a cool 52 GB of data. Cor blimey! One could ask if Black Suit and Meow had a bit of a joint venture going or were at two different parties?
There’s a slight contretemps though – while Meow claims to be the kitty that doesn’t roar, i.e. they don’t encrypt or lock the data of medical entities, Black Suit doesn’t play by the same rules. It’s in their modus operandi to encrypt the victim’s data post exfiltration. So, did Black Suit follow its usual pattern, while Meow spitballed them later on? Riddles upon riddles…
Here’s the rub. We haven’t heard a peep from The Eye Clinic Surgicenter. Not even a ‘no comment’. It’s been four long months since Black Suit did their dance, and yet, nothing on the entity’s website about the data breach. No sign of reports on regulatory bodies’ platforms either. Despite serving the folks of Montana and Wyoming – and being accountable to the state’s breach notification law – they’ve been as silent as a church mouse.
Two unanswered inquiries later, you have to wonder if the patients have a clue about their personal info marketed on the dark web. Unbeknownst to them, they could be at risk of fraud or worse. It’s a right boggler, isn’t it?
Anyway, that’s the tale. If The Eye Clinic Surgicenter decides to break the silence, you’ll be the first to know. Watch this space!
by Parker Bytes
