A healthcare alliance consisting of two upstate New York hospitals and an orthopedic group has filed a lawsuit against the LockBit group for allegedly stealing patient data. The lawsuit aims to force a Massachusetts-based cloud services vendor to return the stolen data that was allegedly stored on the vendor’s servers. The identity of the attackers is currently unknown. The hospital group is seeking injunctive relief to prevent the access and transfer of the stolen data, and to have all copies destroyed once returned. The hospitals need access to the data to identify and notify individuals whose information may have been compromised. The cloud services vendor, Wasabi Technologies, has not commented on the ongoing legal matter. The data breach occurred when the attacker gained access to the hospital group’s IT infrastructure and transferred the stolen data to Wasabi’s cloud server. The legal case raises considerations for technology firms whose services may be used by cybercriminals for illicit activities.
