Grace Lutheran Communities attacked by AlphV/BlackCat ransomware gang
Learn More
Grace Lutheran Foundation, operating as Grace Lutheran Communities in Wisconsin and providing a range of services including rehabilitation, assisted living, skilled nursing, and more, reprted a data breach after discovering unauthorized access to their network on January 22, 2024.
On the same day as their announcement, AlphV/BlackCat, a known cybercriminal group, claimed responsibility for the breach on their dark web site, stating they released 70 GB of data from Grace Lutheran Communities due to failed negotiations.
The cyberattack, described by BlackCat as facilitated through phishing and social engineering, reportedly occurred on December 22, with the group claiming easy access to the network and successful encryption of data without detection. Despite Grace Lutheran's offer to meet part of the ransom demand, negotiations stalled, and communication ceased, leading to the public release of the stolen data.
Despite no evidence of data misuse, the breach involved sensitive patient information such as:
- names,
- addresses,
- Social Security numbers,
- health insurance details.
No details are disclosed about the number of affected individuals.
DataBreaches.net, confirmed the presence of both employee and patient information, including extensive medical records and personal details. Following this, Grace Lutheran updated their security notice on February 17, acknowledging the unauthorized publication of data and their ongoing efforts with a cybersecurity firm to address the situation.
