CareSource victim of Cl0p attack, patient data allegedly leaked


Cl0p ransomware gang has leaked private patient data allegedly belonging to CareSource, one of the US’ largest Medicaid-managed healthcare plan providers.

The Russia-linked ransomware gang leaked a 40GB dataset that allegedly belongs to CareSource, an Ohio-based nonprofit organization providing public health care programs, including Medicaid, Medicare, and Marketplace.

CareSource data leak
Size of the leaked data set posted on the dark web | Image by Cybernews

The leaked dataset included a treasure trove of personal information, including full names, addresses, dates of birth, emails, and phone numbers. As well as this, the cybercriminals leaked sensitive healthcare information such as drugs prescribed, risk groups, and patients’ treatment details.

“The company doesn't care about its customers, it ignored their security!!!” wrote Cl0p on their website, hosted on the dark web, where the dataset was released.

CareSource data leak
Dataset posted on the dark web | Image by Cybernews

The company most likely fell victim to a ransomware attack, which occurs when malware is installed onto the company’s internal systems and encrypts the data. Subsequently, cybercriminals demand a ransom for the decryption and if their demands are not met, they leak private data to the public.

Cybernews contacted CareSource for a comment but received no response at the time of writing.

CareSource data leak
Leaked patients' treatment information | Image by Cybernews

The alleged data leak is dangerous since it contains sensitive private data and personally identifiable information (PII), which allows threat actors to launch targeted phishing campaigns. CareSource has over 2.3 million members.

The Cl0p ransomware gang emerged in 2019 and quickly became a prominent player in the ransomware landscape. By November 2021, their earnings were estimated to have reached as high as $500 million.

Despite a hiatus prompted by the arrest of key members in late 2021, Cl0p's activities resumed in March. Since then, the gang has been extremely active, adding numerous victims daily. Among their victims are well-known companies such as Shell, Hitachi, Bombardier, Stanford University, Rubrik, and more.