“ThreeAM caught DataBreaches’ eye because one of the victims on their leak site is Visiting Physician’s Network (VPN) in Texas. The medical practice appeared to have been added on or about September 4. “
“In this case, the listing also indicates that the threat actors have leaked 85% of the files they acquired and that 272 people have viewed the listing. The listing also shows that they acquired patient chart scans, divided into three groups of folders by patients’ last name. The listing doesn’t indicate how many people may have downloaded or viewed the scanned files. “
“When expanded, each of the three parts of the leak contained folders on numerous patients. The first part, for example, has folders for patients whose last names began with A-I. There are almost 1,160 patient folders in that one part, and for every patient, there are multiple files — usually from 2016 or 2017. The following image, redacted by DataBreaches, shows a number of files for one patient. Every filename begins with the patient’s first name and last name — a system used for all their patient records in these directories. “
“Based on prior reports about ThreeAM, DataBreaches sent them some inquiries on September 16. They replied today, responding to the first question by saying that they had checked VPN’s security three weeks ago, and had locked it and “unloaded all their data.” “
Cyber-Protecting Our Nation’s Critical Infrastructure
At SecuLore, our mission is to cyber-protect our nation’s critical infrastructure. Led by experts in 9-1-1 technology, cyberwarfare, and ethical hacking, our team provides the technology, expertise, and training needed to defend customers from increasingly sophisticated cyber threats.