cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

LockBit, Qilin likely responsible for radiology clinic data breach affecting more than 500k

A United States radiology clinic has begun notifying patients of a data breach impacting 511,947 patients.

user icon David Hollingworth
Thu, 20 Jun 2024
LockBit, Qilin likely responsible for radiology clinic data breach affecting more than 500k
expand image

Consulting Radiologists, based in the US state of Minnesota, shared the details of the letter with the Office of the Maine Attorney General, as 47 Maine residents were impacted.

According to the communications from the company, the compromised data includes name, address, date of birth, Social Security number, health insurance information, and medical information.

“On February 12, 2024, CRL detected suspicious activity in its network environment. Upon discovery of this incident, CRL promptly took steps to secure its network and engaged a specialised cyber security firm to investigate the nature and scope of the incident,” the letter from Consulting Radiologist said.


“As a result of the investigation, CRL learned that an unauthorised actor accessed certain files and data stored within our network.”

The company identified that sensitive data was impacted on 17 April after a “time-consuming and detailed reconstruction and review of the data stored on the server at the time of this incident”.

“At this time, we have no evidence any of the information has been misused by a third party, but because information related to you was disclosed, we are notifying you out of full transparency,” the company said.

While the letter does not name a threat actor, the LockBit ransomware gang claimed to have successfully hacked Consulting Radiologists on 27 April, with a ransom deadline of 9 May. The gang also posted several screenshots of documents obtained in the hack.

However, while it was listed on several threat feeds at the time, the post is no longer live on LockBit’s darknet leak site.

To make matters more confusing, the Qilin ransomware operation made a similar post on the same day, 27 April, claiming to have nearly 95,000 files totalling 70 gigabytes of data. Qilin also shared some sample data, including banking information, insurance documents, patient data, and scans of employee passports.

The Qilin post is still live on its leak site, but the gang has not posted any further data as of the time of writing.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.