The North Cottage Program, a Massachusetts addiction treatment center, this week confirmed it notified 6,650 current and former clients of a May 2024 data breach that compromised names, Social Security numbers, addresses, medication info, health insurance info, treatment plans, provider notes, and dates of birth.
The notice (PDF) to victims states, “NCP discovered a network security incident involving an unauthorized party gaining access to our network environment on May 16, 2024.”
Ransomware group Qilin claimed responsibility for the attack on June 4, 2024.
North Cottage has not verified Qilin’s claim. We do not yet know how much Qilin demanded in ransom, whether North Cottage paid it, or how attackers breached North Cottage’s network. Comparitech contacted North Cottage for comment and will update this article if it responds.
North Cottage is offering eligible victims 24 months of free identity monitoring via Identity Defense. The enrollment deadline is November 18, 2024.
Who is Qilin?
Qilin, also known as Agenda, is a Russia-based hacking group that mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and offers ransomware-as-a-service to third parties. Most but not all of its targets are in Asia and Africa. Its attacks usually involve double extortion, in which Qilin demands payment to decrypt files encrypted by its ransomware, as well as a second payment in exchange for not releasing or selling stolen data.
Qilin has claimed responsibility for 15 confirmed ransomware attacks so far this year, two of which were against healthcare organizations. One was the attack on London’s Synnovis, which caused widespread disruptions for millions of patients in the UK. Synnovis reportedly paid Qilin a $50 million ransom. Qilin’s other healthcare-related attack was on Schneider Regional Medical Center.
Qilin claimed another 94 attacks so far in 2024 that haven’t been confirmed by victims.
Ransomware attacks on US healthcare
Aside from data theft, ransomware attacks on hospitals, clinics, and other healthcare entities can disrupt operations and grind medical services to a halt. Ransomware can cripple computer systems used for appointment booking, access to medical records, billing, payroll, phone and email systems, and more.
So far in 2024, Comparitech researchers have logged 60 attacks on US healthcare companies, affecting almost 6.6 million records.
The North Cottage Program isn’t the first social services organization hit by ransomware. Similar recent attacks include those on Brockton Area Multi-Services, Therapeutic Health Services, Turning Point of Central California, and Arisa Health.
Another 113 ransomware attacks on US healthcare entities have been claimed but not confirmed in 2024.
About The North Cottage Program
The North Cottage Program is a residential facility for adult males struggling with substance addiction. Its main service consists of two phases: a live-in intensive treatment program, followed by a halfway house. The facility has 146 treatment beds plus additional graduate housing.