Ransomware gang Medusa has claimed responsibility for an April 29, 2024 data breach at Brockton Area Multi-Services, a non-profit organization for people with developmental disabilities and mental health challenges in Massachusetts.
BAMSI on Friday notified 23,705 people of the April data breach that compromised their private information. The data included names, Social Security numbers, dates of birth, driver’s license or state ID card numbers, account numbers, diagnosis or treatment information, and health insurance information.
Medusa is demanding $400,000 in exchange for not selling or publicly releasing the allegedly stolen data.
BAMSI has not confirmed Medusa’s claim. We do not yet know how attackers breached BAMSI’s systems, if any systems were encrypted, or whether BAMSI intends to pay the ransom. Comparitech contacted BAMSI for comment and will update this article if it replies.
We recommend victims take advantage of the free credit monitoring offered by BAMSI via IDX.
Who is Medusa?
Medusa first surfaced in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay twice: once to decrypt their systems, and once for not selling or publishing stolen data.
Other recent Medusa victims include Traverse City Area Public Schools, Lee University, Chemring Group, and headhunting firm Boyden.
Medusa has claimed 20 confirmed attacks worldwide so far this year. It’s responsible for 59 confirmed attacks since it began operating, according to our data. Its average ransom is $790,000.
About BAMSI
Founded in 1975, Brockton Area Multi-Services, Inc (BAMSI) is a non-profit social services organization in Brockton, Massachusetts. It caters to people with developmental disabilities and mental and behavioral health challenges, ranging from addiction to traumatic brain injuries. BAMSI operates group homes, substance use disorder services, adult care, HIV/AIDS services, behavioral health services, childcare, early intervention, WIC care, community centers, and employment services in the local community.
BAMSI’s website says the organization impacts more than 50,000 individuals per year.