Phished Healthcare Provider Takes Legal Action Against Amazon
An American healthcare provider whose data was allegedly exfiltrated to an Amazon storage account by a cyber-attacker has taken legal action against Amazon.
As many as 85,688 patient and employee records were compromised last week when a threat actor seemingly based in Ukraine struck SalusCare, the largest provider of behavioral healthcare services in Southwest Florida.
The attacker is believed to have gained access to SalusCare's Microsoft 365 environment after an employee clicked a malicious link in a phishing email. The action allegedly triggered malware to exfiltrate SalusCare's entire database to two Amazon S3 storage buckets linked to the same Amazon AWS storage account.
After being notified of the alleged illegal activity, Amazon froze access to the two S3 buckets believed to have been used in the attack.
SalusCare requested access to the audit logs of the buckets as part of its investigation to determine precisely what data had been breached by the threat actor. However, Amazon refused to supply an audit log or a copy of the data stored in the S3 buckets as they do not belong to SalusCare.
The healthcare provider responded to Amazon's refusal by filing a lawsuit in federal court on Wednesday seeking for Amazon to be compelled to provide SalusCare with the audit logs and a copy of the contents of the two S3 buckets.
In the lawsuit, SalusCare also sought for Amazon to be ordered ..