As you know, I love a good detective story, and this bit of news involving a data security mishap certainly sparked my curiosity, not unlike a good mystery novel.
You might’ve heard of Equinox, a human services venture over in the capital region of New York State. They’ve been providing an essential lifeline for many in society – 3,500 individuals each year who battle the trials of everything from domestic violence and addiction, to the challenges posed by homelessness, poverty and mental health disorders. Importantly, their operation extends across several locations, including residential facilities. It’s the sort of tough, vital work we ought to be supporting, not thwarting.
However, on April 29, they unearthed a rather unsettling discovery and notified patrons and personnel of a data security kerfuffle. Things became clearer come November 15, and it transpired that the culprit was this dreadful creature called LockBit3.0, not quite your typical highway robber, but certainly a figure of interest.
What tickled my curiosity was that Equinox appeared to downplay the affair somewhat, describing it as a mere disruption to access to certain network resources. There was nary a whisper of whether this could be classified as a ransomware attack, or even if any file encryption was involved.
Fast forward to mid-May, and you find that this villainous LockBit3.0 had added our friends at Equinox to their shady rogues’ gallery (affectionately known as a leak site). By mid-August the game was thoroughly afoot. LockBit updated the listing and dangled a rather stern ultimatum, tying Equinox up in ropes and telling them they had until the end of the month to respond to this damning accusation.
Before we get ahead of ourselves, it transpired that LockBit leaked an eye-watering 31.8 GB of files from Equinox! When you’ve seen a digital heist or two, as we have in this world of cybersecurity, you know that’s not something to take lightly.
Intriguingly though, Equinox didn’t reveal that any data had been leaked when they spilled this unsettling news in their notification letter. But what they did share was a bit of a laundry list of details that may have been accessed or whisked away – everything from names, addresses, dates of birth and health insurance details, to more intimate snippets such as medical treatment info and medication-related information. Given the sector Equinox operates within, one does feel a shiver run down one’s spine at this revelation.
Sadly, this isn’t unique. Too many times, we’ve found that old data, sometimes over a decade old, is dug out and exposed. Obviously, the information involved differs for each entity, but it stings all the same.
At present, the plot is still thickening, as the total count of individuals impacted by this breach hasn’t hit the public domain yet. Just like you, we’ll be keeping an eye on this enigma, and certainly hope for swift justice.
Here’s one for you — a slight correction to our timeline. It seems LockBit first added Equinox to its gallery on May 18, 2024. An earlier version listed this event happening on May 24, but never fear, we’ve righted our ship in due course, much like we know our friends at Equinox will be doing, too.
So, dear reader, let’s take this as another reminder to guard our data as we would our crown jewels. You never know who’s on the other end of the line. Be sure to keep checking in for more updates as we keep an ever-watchful eye on this ever-changing world of cybersecurity in healthcare.
by Parker Bytes