Team Orangeworm hacker group is responsible for CarePartners’ data breach from 2018


Remember when, back in June 2018, CarePartners, a home care service provider to Ontario’s Local Health Integration Networks (LHINs) and an Ontario-based community health care agency, was breached?
If you do, or even worse, if you were a victim of this breach, we have spectacular news for you today.

The affected company has just announced this morning that its cybersecurity experts have identified 627 patient files and 886 employee records that were accessed.

Since July, there had been no updates about the incident for a long time, but soon after this press release, the “team_orangeworm” hacker group released a sample file showing that the numbers revealed by the company are very small compared to the scale of the whole incident. For now, the hackers’ identities remain unknown; the only thing known for sure is that CarePartners was hacked by “orangeworm” and that all of its patient and company data was stolen as a result.

Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.

Because CarePartners didn’t release the requested payment for not revealing patients’ medical files, the hackers released two data dumps. The first, an 891 MB compressed archive, contains company financial documents: hundreds of employee T4 statements with SINs, DOB, name and address, plus company banking information, accounts payable and wire transfers.

The second dump includes over 80,000 complete patient medical files, with SINs, address, full name, DOB, phone, health card numbers, medical conditions, and treatments. But regarding this second dump, there is a trick: the patient file is encrypted, and “Team Orangeworm” demands 5 BTC from anyone who wants to buy it.

Soon after this, CarePartners was asked to comment.
A spokesperson said:

“CarePartners reminds patients and employees that they continue to monitor their personal and personal health information, including online accounts”.
That is it! Literally no mention of the alleged hackers who threatened to publicly dump the data or sell it.

Also, CarePartners’ spokesperson declined to confirm or deny whether CarePartners would now pay any extortion demand or “request.”

We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.