Contact Contact Us

Hackers Extort Home Care Service Provider with Data Stolen in 2018 Breach

CarePartners, a Canadian home care service provider, is still trying to contain the fallout from a data breach that took place in June 2018. The threat actor using the pseudonym "team_orangeworm" is selling the stolen data for 5 BTC (~US$17,000), which contain the company's financial documents and the full medical records of 80,000 patients. CarePartners has not confirmed or denied the extortion demand and has previously stated that only 627 patients and 886 employees were affected in the 2018 breach. The healthcare provider also did not confirm if the incident involved the hacker group Orangeworm, which has been targeting healthcare organisations in the US, Europe and Asia with the Kwampirs backdoor.

[1] “Team Orangeworm” Claims to be Dumping CarePartners’ Data from 2018 Breach
[2] Update: Hackers Release CarePartners Employees’ Wage Statements and Other Financial Files

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883