Cybercriminals expose employee information of healthcare provider CarePartners

• The Canadian firm suffered a data breach back in June 2018 putting sensitive information of patients in the hands of cybercriminals.
• The latest incident exposed employee information belonging to CarePartners along with that of patients. Both breaches were perpetrated by the same group.

As per new reports, Ontario-based healthcare service provider CarePartners was victim to a new data dumping incident by a cybercriminal group.

Dubbed as “Team_Orangeworm”, the group also took credit for an earlier breach on CarePartners that happened last year. While the previous breach was pertaining to patient data, this time the group has disclosed employee-related information of the firm as a measure of online extortion.

According to databreaches.net, which reported the incident earlier, they also received exposed data from the attackers for examination.

Thousands of patient medical files and employee files

“The first one, allegedly containing financial and employee information, did not download correctly and this site was not able to actually get the files and examine them at that time. The second dump, allegedly containing more than 80,000 patient medical files, did download completely, but that dump is encrypted and the hackers will only provide the encryption key to anyone willing to pay 5 BTC for the key,” read the blog.

The recent dump contained more than 12,000 files which included employees’ earnings, contractor details etc. As an example, databreaches.net analyzed one specific file called ‘2010 T4 (Employee Copy).pdf’. It contained around 724 T-4 forms where each one had an employee’s name, address, social insurance number, wage, and deductions information.

‘Team_Orangeworm’ also warned of three more potential data dumps containing files on employees as well as corporate files. The healthcare provider is yet to respond to this security issue.