
2.4 Million Patients Affected During a Forefront Dermatology Data Breach

A fresh cyberattack targeted a medical clinic and led to a Forefront Dermatology data breach that compromised the credentials of 2.4 million patients and employees.

Forefront Dermatology Data Breach Leads to Credential Disclosure

DataBreaches.net has reported a new information leak resulting from a recent cyberattack on Forefront Dermatology S.C., a Wisconsin-based dermatology clinic with offices in Washington D.C. and 21 other states. The publication attributes the attack to the Cuba ransomware group, because it found on the gang’s dark web site 130 files containing data related to the company’s network, systems, and logins to health-care insurance websites.

What Data Has Been Leaked?

Forefront published a statement on its website describing the types of data believed to have been leaked in the Forefront Dermatology data breach.

This includes data related to providers, patients, and employees:

  • Account numbers of patients;
  • ID code related to the healthcare insurance scheme;
  • Medical file numbers;
  • Service info;
  • Names of providers;
  • Name, birth date, and address of the patients;
  • Info on treatment.

However, there is NO evidence that this includes:

  • Financial Info;
  • Driver’s license number;
  • Social security numbers.

What Caused the Forefront Dermatology Data Breach?

Many of the leaked passwords were not strong enough to withstand this kind of cyberattack: some contained the word “Forefront”, and others were variations of “DAWderm1!”.
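As an added example (not code from the article or from Forefront), the following Python check screens new passwords for the two weaknesses described above: embedding the organisation’s name and reusing a shared base password with a different suffix. The organisation terms, the known-weak list, and the candidate passwords are constructed for illustration.

```python
"""Password screening check modelled on the weak-credential finding above.

Flags passwords that embed an organisation's name (after undoing common
character substitutions) or that are small variations of a base password
already known to be shared or exposed. All inputs below are constructed.
"""
import re
from difflib import SequenceMatcher

# Undo common "leet" substitutions so that "F0refr0nt" still matches "forefront".
_SUBST = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(pw: str) -> str:
    """Lower-case, undo substitutions and keep letters only, for comparison."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(_SUBST))


def strip_suffix(pw: str) -> str:
    """Drop a trailing run of digits/symbols such as '1!' or '2021' that users append."""
    return re.sub(r"[^A-Za-z]+$", "", pw)


def check_password(pw, org_terms, known_bad, min_len=12, similarity=0.8):
    """Return the list of reasons to reject pw (an empty list means it passes)."""
    reasons = []
    if len(pw) < min_len:
        reasons.append("too short")
    norm = normalize(pw)
    base = strip_suffix(pw).lower()
    for term in org_terms:
        if normalize(term) and normalize(term) in norm:
            reasons.append(f"contains organisation term '{term}'")
    for bad in known_bad:
        # The same base with a different numeric/symbol suffix counts as a variant.
        if norm == normalize(bad) or (base and base == strip_suffix(bad).lower()):
            reasons.append(f"variant of known weak password '{bad}'")
            continue
        ratio = SequenceMatcher(None, pw.lower(), bad.lower()).ratio()
        if ratio >= similarity:
            reasons.append(f"too similar to known weak password '{bad}' ({ratio:.2f})")
    return reasons


if __name__ == "__main__":
    # Constructed candidates; 'DAWderm1!' is the base password named in the article.
    for candidate in ["Forefront2021!", "DAWderm2!", "DAWderm1!2022", "correct-horse-battery-staple-9"]:
        print(candidate, "->", check_password(candidate, ["Forefront"], ["DAWderm1!"]) or "ok")
```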

Forefront took immediate measures and began notifying affected patients, employees, and insurers.

Cuba Ransomware Group Back in the Game

Back in May, Profero CEO Omri Segev Moyal observed that Cuba ransomware

“utilizes the symmetric ChaCha20 algorithm for encrypting files, and the asymmetric RSA algorithm for encrypting key information. As a result … files could not be decrypted without the threat actor’s private RSA key.”

Moyal also said that the Cuba ransomware group had kept a low profile for a while, but the new Forefront Dermatology data breach shows they are back in the game.

Databreachtoday.com also notes that Group-IB researchers revealed in May that the group had co-opted the Hancitor malware downloader, using it together with Cuba ransomware in a phishing campaign to exfiltrate data and extort ransom payments.

Gradually Discovering It

The clinic’s investigation led to several findings, which the company announced in the same notification.

The intrusion into the company’s IT network was first discovered on the 4th of June. The company immediately took measures: it went offline, secured its systems, and notified law enforcement.

Forefront’s investigators reached their conclusions on the 24th of June. The findings published on the company’s website state that the Forefront Dermatology data breach took place between the 28th of May and the 4th of June, during which unauthorized threat actors had access to the company’s network.
