On December 6, 2023, ACCU Reference Medical Laboratory was implicated in a data breach when the Medusa Blog claimed to possess 1.2 TB of data and demanded $1 million for deletion. After the payment was not made, the data was leaked on January 2, 2024. This incident was not reported to the HHS public breach tool. On July 10, the Qilin ransomware group took responsibility for a second attack, claiming to have acquired more recent data and sharing unredacted patient information via their leak site. Accu Reference did not respond to inquiries about either incident.
On December 6, 2023, the Medusa Blog added ACCU Reference Medical Laboratory to their leak site with claims of 1.2 TB of data, demanding $1 million.
When no payment was made, Medusa leaked data on January 2, 2024, but this incident never appeared on HHS's public breach tool.
On July 10, the Qilin ransomware group claimed an attack on Accu Reference, alleging data acquisition on July 1.
The Qilin listing included 12 screenshots of unredacted protected health information, indicating it was not just a re-listing from the previous incident.
Collection
[
|
...
]