Drug addiction treatment service admits attackers stole sensitive patient data

BayMark Health Services, one of the biggest drug addiction treatment facilities in the US, says it is notifying some patients this week that their sensitive personal information was stolen.

It sent notifications to recipients of substance abuse disorder support services on Wednesday, confirming that data, including the type of services a patient received and diagnostic information, was pilfered in an attack between September 24 and October 14, 2024.

The full list of potentially impacted data includes:

BayMark claims to be North America’s largest provider of medication-assisted treatments for substance abuse disorders. It’s the parent company of many different healthcare facilities and specializes in opioid addiction and mental health treatments.

The notification letters sent to individuals didn’t specify the number of potentially impacted patients. However, offering an indication as to how many people benefit from its services, the company says it helps “tens of thousands of individuals on their path to recovery every day.”

It told patients in the letter [PDF]: “On October 11, 2024, we learned of an incident that disrupted the operations of some of our IT systems. We immediately took steps to secure our systems, launched an investigation with the assistance of third-party forensic experts, and notified law enforcement.

“Our investigation determined that an unauthorized party accessed some of the files on BayMark’s systems between September 24 and October 14, 2024. We then initiated a review and analysis of those files.”

That review ended on November 5, at which point BayMark was confident about the data types that were compromised.

“We remain committed to protecting the confidentiality and security of patient information, and apologize for the concern this may cause,” it added. “We are offering complimentary identity monitoring services to patients whose Social Security Numbers or Driver’s License Numbers may have been involved. Additionally, it is always a good idea for patients to remain vigilant and review their statements for suspicious activity.

“We take this matter very seriously. To help prevent something like this from happening again, we have implemented additional safeguards and technical security measures to further protect and monitor our systems.”

The healthcare organization didn’t mention ransomware anywhere in the patient or public notices about the incident. However, leading gang RansomHub claimed responsibility for the attack in October.

It’s often unclear in cases of a ransomware gang claiming an attack on an organization whether encryption of data was involved, since so much of it is pure data extortion.

Regardless of the incident’s specifics, it appears whatever extortion demands RansomHub made weren’t met, since BayMark’s data appears to have been made freely available via the gang’s leak site.

RansomHub, formed in 2024, rapidly became a leader in the cybercrime space following the fall of former kingpins LockBit and ALPHV/BlackCat, whose affiliates flocked to the next big thing.

The group was able to attract the top talent not just because it was there for the taking, but because it offered affiliates 90 percent of the total cut of extortion payments. The going rate among other crews is usually in the region of 70-80 percent.

With an army of well-paid, prolific attackers under its wing, RansomHub claimed 210 victims in the first six months after spinning up. The victim list is not just broad but includes high-profile organizations such as professional football clubs, world-famous auction houses, and household-name nonprofits.
