Medical diagnostic lab SiParadigm this week confirmed it notified 26,534 people about a June 2024 data breach that compromised names, Social Security numbers, dates of birth, addresses, and medical information.
Ransomware gang Akira claimed responsibility for the attack in July 2024, saying it stole 114 GB of data. Akira further claimed to have stolen passports, non-disclosure agreements, driver’s licenses, birth certificates, and financial info.
SiParadigm discovered the breach on June 11, 2024 and started notifying breach victims in August. The company has not verified Akira’s claim. We do not yet know how much money Akira demanded, whether SiParadigm paid a ransom, or how attackers breached the company’s network. Comparitech contacted SiParadigm for comment and will update this article if it responds.
The notice sent to victims states, “The thrid-party digital forensic investigation determined that an unauthorized party could have ad hacces to your health information. Specifically, files relating to diagnostics and related services stored in a siParadigm network location that was subject to the unauthorized activity.”
Eligible victims can sign up for free credit monitoring and ID theft protection offered by SiParadign via CyberScout. The enrollment deadline is 90 days from receipt of the notice letter.
Who is Akira?
Akira is a ransomware gang that first emerged in March 2023. Its targets span education, finance, manufacturing, real estate, and healthcare. It often extorts victims twice: once in exchange for a decryption key to restore systems, and again in exchange for not selling or publicly releasing stolen confidential data.
Comparitech researchers logged 86 confirmed ransomware attacks claimed by Akira since the group began operating, affecting 711,000 records. Its average ransom is $825,000.
Akira’s previous victims in the healthcare industry include Michael Garron Hospital, Southland Integrated Services, and Healix Infusion Therapy.
Akira claimed another 132 ransomware attacks that haven’t been acknowledged by victims so far in 2024.
Ransomware attacks on US healthcare
We logged 63 confirmed ransomware attacks on US healthcare entities so far in 2024, affecting nearly 7 million records. The average ransom across these attacks is—coincidentally—$825,000.
Other recently confirmed attacks on Us healthcare include:
- Access Sports Medicine and Orthopaedics, claimed by Inc in May 2024, 88,044 records
- North Cottage Program, claimed by Qilin in May 2024, 6,650 records
- Gramercy Surgery Center, claimed by Everest in June 2024, 50,554 records
In 2024, Comparitech tracked another 118 claimed-but-unconfirmed ransomware attacks on US healthcare.
About SiParadigm
Based in Pine Brook, New Jersey, siParadigm is a medical diagnostic laboratory with an emphasis on oncology. Outside of the US, SiParadigm also provides services in Puerto Rico, Colombia, Pakistan, and Egypt, according to its website.