Data Breach

Unresolved Details About Their July Ransomware Incident Remain Unanswered

Parker Bytes January 4, 2024

Blimey! Have you heard about the kerfuffle with Parathon by JDA e-Health? Now, if you’re into health care or cybersecurity (oh, lucky you!), you’ll want to hear about this.

So, it was last August that this outfit popped up on what’s known as the Akira ransomware leak site. A bit like a digital rogue’s gallery for cyber attackers, you could say. Despite a flicker of interest from the web’s cyber-sleuths, both Akira and Parathon decided to keep shtum. As you might expect, that raised a couple of eyebrows in the online community.

Fast forward to the spooky eve of Halloween, and Parathon finally came out with their hands up. They admitted they’d found signs of a cyber attack on July 27 and spotted some bloke (or bird, let’s not discriminate) trying to wriggle through their computer’s backdoor, hoping for a bit of ransom money.

Now, here’s the bit that might make you wince – the dodgy cyber geezer could’ve gotten hold of personal information like names, addresses, and, heaven forbid, protected health information. It’s not exactly clear cut, since apparently, the information harvested wasn’t the same for everyone and didn’t involve things like passwords, financial information, or national insurance numbers.

And have they abused this sneaky haul? So far, it doesn’t appear so, but Parathon is playing it safe by sending out letters and offering resources for protection against any potential digital shenanigans, including credit monitoring and identity theft protection.

But let’s address the elephant in the room – when Parathon says it has taken “all efforts possible” to protect people, what does that actually mean? Did they cough up the ransom? Interestingly, their name vanished from Akira’s naughty list at some point after the incident, leading to a fair bit of chin-wagging.

Now here is the really fishy part, they work with numerous HIPAA-covered entities, mainly offering services to health organisations. Yet, there is no word on how many patients were affected. Have we got a trickle or is this more of a flood situation? And despite whispers of NorthShore University Health System being affected, there’s no official word on it yet from Parathon.

And as for the big question, did they notify HHS about their cyber security faux pas? And did they end up paying their digital tormentor? The answers are still up in the air. A quick digital nudge sent their way last week didn’t yield any new information. We’re left twiddling our thumbs, waiting for some answers.

Right then, dear reader, that’s your lot for now! Something to mull over with your morning cuppa, isn’t it?

by Parker Bytes