Mental Health Provider Breached by Ransomware

Last updated on May 8th, 2024 at 11:46 pm

An AI generated image of a  blue and black cat with glowing yellow and orange eyes looking at a silver and pink computer.
Image generated via Midjourney. Prompt: An evil black cat looking menacingly at a laptop, bold colors.

According to security researcher Dominic Alvieri, notorious ransomware gang BlackCat allegedly breached an Alabama based mental health provider. Safe Not Scammed is not naming the facility so it can focus on securing its systems and protecting its patients.

The breach 

BlackCat claims to have stolen “patient logs, patient mental illness records, SSNs, DLs, [and] Employees (sic) passwords,” according to a screenshot of the gang’s leak site shared by Alvieri. 

Worse, BlackCat claims “All patients and employees will be contacted by phone and offered to pay for their own data removal.” 

This is presumably meant to pressure the facility into paying a ransom, as the gang adds, “[facility name] you still have some time to resolve the issue. CEO is welcome to chat with us.” 

The threat is most likely not a bluff, as ransomware gangs have been known to contact individuals whose data was exposed by a company they attacked.

Leaking highly sensitive data

An AI generated image of a woman sitting at her laptop, with her face in her hands.
Image generated using Midjourney. Prompt: Anguish after a data breach, bright colors.

The extremely sensitive nature of the information stolen in his breach will harm patients if it is published. 

Not only will it be potentially traumatizing for patients to have highly private medical information made public, the stigma of mental illnesses could result in patients being bullied or extorted by whomever accesses their information.

Unfortunately, BlackCat has no conscience when it comes to publishing sensitive patient data. In a new low even for ransomware gangs, earlier this year the group published medical photographs of cancer patients’ naked breasts after stealing them during an attack on Lehigh Valley Health Network.


An abstract AI generated image of the back of a young man's head, with stripes of color leaking out of it.
Image generated via Midjourney. Prompt: Mental health data breach, bright colors.

This is not the first time bad actors have stolen, and leaked, sensitive mental health information. 

In 2020, cybercriminals stole patient information from Vastaamo, a Finnish mental health provider. The stolen data included detailed notes from therapy sessions where patients discussed adultery and suicide attempts, for example.

The hackers attempted to extort Vastaamo for 40 Bitcoin and individual patients for 200 Euro’s worth of Bitcoin. However, the entire patient database was leaked online, meaning incredibly sensitive conversations between Vastaamo patients and their therapists are still out there, somewhere, for anyone to see.

The future

As ransomware attacks are increasing and medical facilities are attractive targets, we can expect more bad actors to steal and publish highly personal health information. This will have dire consequences for everyone’s medical privacy.

Update July 16th 12:50pm The mental health facility has since been removed from BlackCat’s leak site, according to a tweet by threat analyst Brett Callow. It’s unclear whether the facility paid the ransom or if the listing was removed for other reasons.

Leave a Comment

Your email address will not be published. Required fields are marked *