Phished Healthcare Provider Takes Legal Action Against Amazon

An American healthcare provider whose data was allegedly exfiltrated to an Amazon storage account by a cyber-attacker has taken legal action against Amazon. 

As many as 85,688 patient and employee records were compromised last week when a threat actor seemingly based in Ukraine struck SalusCare, the largest provider of behavioral healthcare services in Southwest Florida.

The attacker is believed to have gained access to SalusCare’s Microsoft 365 environment after an employee clicked a malicious link in a phishing email. The action allegedly triggered malware to exfiltrate SalusCare’s entire database to two Amazon S3 storage buckets linked to the same Amazon AWS storage account.

After being notified of the alleged illegal activity, Amazon froze access to the two S3 buckets believed to have been used in the attack. 

SalusCare requested access to the audit logs of the buckets as part of its investigation to determine precisely what data had been breached by the threat actor. However, Amazon refused to supply an audit log or a copy of the data stored in the S3 buckets as they do not belong to SalusCare.

The healthcare provider responded to Amazon’s refusal by filing a lawsuit in federal court on Wednesday seeking for Amazon to be compelled to provide SalusCare with the audit logs and a copy of the contents of the two S3 buckets.

In the lawsuit, SalusCare also sought for Amazon to be ordered to permanently suspend the alleged attacker’s access to the two S3 buckets allegedly containing the healthcare provider’s swiped data. 

In its petition to the US District Court in Fort Myers, SalusCare argued that the sensitive data believed to have been stolen in the attack and stored in the buckets could be sold on the dark net and used to commit identity theft.

“The files contain extremely personal and sensitive records of patients’ psychiatric and addiction counseling and treatment,” explained SalusCare. “The files also contain sensitive financial information such as social security numbers and credit card numbers of SalusCare patients and employees.”

News-Press reports that a judge granted both of SalusCare’s requests on Thursday.

Leave a Reply

Your email address will not be published. Required fields are marked *