Security News > 2020 > February > Hacking of Accounting Firm Affects Medical Group
An apparent ransomware attack on an accounting firm in December exposed the patient data of Community Care Physicians, a large upstate New York medical group, as well as other clients of the firm.
Some of the data that was breached as a result of the attack on Albany, New York-based BST & Co. CPAs LLC has shown up on the publicly accessible website of ransomware gang Maze, which purportedly names and shames victims into paying ransoms, says Brett Callow, a threat analyst with the security firm Emsisoft.
"On this network was data for some of BST's local clients to whom the company provides accounting and tax services, including the medical group, Community Care Physicians," BST's statement says.
In a statement, acknowledges that it was a victim of the BST incident and notes that the accounting firm was sending notification letters to individuals whose data "Was part of the CCP file on the BST network."
Vendors providing professional services have been implicated in other large health data breaches - including the largest incident in 2019 - a hack on American Medical Collection Agency, which affected more than two dozen of the firm's clients and 20 million individuals.
News URL
https://www.inforisktoday.com/hacking-accounting-firm-affects-medical-group-a-13746