Equinox started notifying over 21K affected staff and customers that cyber criminals stole their PII and PHI in an incident that took place earlier this year.
Equinox provides mental health and addiction services, domestic violence support, food and housing, and other community services for kids, adults, and families in New York state’s capital region.
The notification alerts the users about the stolen digital files containing their personal info – name, address, date of birth, Social Security number, driver’s license or other government identification number, passport number, financial account information, health insurance information, medical treatment or diagnosis information, and/or medication-related information.
As per the notification, the incident occurred on April 29 and disrupted the org’s network access and immediately secured its IT environment, hired a top-notch cyber security firm, and started an investigation.
Adding insult to injury, it appears the LockBit ransomware gang to be blamed. On May 18, the LockBit 3.0 ransomware group listed Equinox on its data leak site, claiming to have swiped 49GB of data. The group updated the listing on August 11 and gave the organization until August 25 to respond before eventually leaking 31.8GB of files.
Very useful