WoundTech, a Florida-based healthcare provider specializing in wound care management, has allegedly been compromised in a catastrophic data breach involving highly sensitive medical information. The threat actor group known as Fulcrum Security claims to have exploited vulnerabilities in the company’s cloud infrastructure, specifically unencrypted S3 buckets and credentials left in Terraform state files. The actors have released a detailed investigation report and sample data, asserting that they have accessed approximately 3.8TB of data, with a confirmed exposure of over 160,000 unique patients. The breach is notable for the extreme sensitivity of the exposed content, which allegedly includes graphic wound photographs and unredacted clinical narratives.
According to the actor, the compromised data is extensive and includes:
-
Full Patient Names and Demographics: Dates of birth, home addresses, phone numbers, and emergency contacts.
-
Government IDs: Social Security Numbers (SSNs) found in PDF referral documents.
-
Medical Records: Complete medical histories, including HIV status, psychiatric conditions, and detailed substance abuse history (e.g., heroin and methamphetamine use).
-
Clinical Media: Approximately 93,000 graphic clinical wound photographs, some depicting intimate anatomical areas.
-
Clinical Notes: 4.6 million narrative notes detailing domestic violence situations, patient confessions, and treatment progress.
-
Insurance Information: Capitation records, subscriber IDs (Blue Shield, United Healthcare, etc.), and claims data.
-
Employee Data: Records for nearly 3,000 staff members, including performance reviews and salaries.
-
Technical Secrets: Production database credentials, Azure AD secrets, and API keys.
