INC Ransomware Leaks Videos of Sleeping Patients Allegedly from Persante Health Care

• The INC Ransomware group released videos of sleeping patients as proof of their cyber attack.
• The alleged target is Persante Health Care, a New Jersey-based hospital that provides sleep management services. 
• Researchers expressed concern over the leak of sensitive patient data including visual content.

Persante Health Care, a leading provider of sleep management services has allegedly been targeted in a cyber attack. Recent findings revealed that cybercriminals posted several sample videos purportedly from the health care provider’s database. 

Cybersecurity analyst and security researcher Domonic Alvieri posted a screenshot of a video and commented about the deplorable act of cybercriminals watching videos of sleeping patients.

The threat intelligence was shared on February 17. We contacted Alvieri about the data breach, and he confirmed that members of the INC Ransom group released several samples of videos purportedly from the Persante Health care.

Persante Health Care is headquartered in New Jersey and it provides sleep related services to hospitals across the nation. They serve patients who seek therapy, balance testing, and diagnostics among other support.

We approached the hospital officials regarding the hacker’s claim and will update this story based on their response.

Healthcare providers are increasingly targeted by cybercriminals posing a risk to sensitive patient data. In a recent incident, patients filed a lawsuit against a surgeon for not informing them about a cyber attack that violated their confidentiality and breached their medical information.

The class action lawsuit against the plastic surgeon with offices in Beverly Hills and Dubai read, “Despite charging clients thousands of dollars and having access to their deeply private medical information, Dr. Schwartz disregarded basic security measures necessary to protect that information from malicious cyberattacks.”

The surgeon was allegedly aware of two data breaches that took place in a year and were not disclosed to the patients. The hackers gained access to the entire network and all the patient data which was used to extort the surgeon.

“During the first hack in or about September and October of 2023, the malicious actors downloaded 1.1 terabytes of patient data, reflecting almost 250,000 unique files, the lawsuit stated.

Patients undergoing plastic surgery are left fighting for breached records that included their undressed images and videos taking surgical procedures.