Also NEW by me:

"If threat actors gave you a chance to redact the patient data they hacked before they leak it, would you take them up on the offer? Read about the Woundtech incident."

I've never encountered any threat actors spending so much time redacting patient data before they leak it -- and even giving their victim the opportunity to redact the hacked data tranche before the threat actors leak it.

Read more about this one at:

https://databreaches.net/2026/03/23/if-threat-actors-gave-you-a-chance-to-redact-the-patient-data-they-hacked-before-they-leak-it-would-you-take-them-up-on-the-offer-read-about-the-woundtech-incident/

#databreach #healthsec #woundtech #cybersecurity #redaction #incidentresponse #FulcrumSec

@zackwhittaker @campuscodi @euroinfosec @DysruptionHub @amvinfe

@PogoWasRight @zackwhittaker @campuscodi @euroinfosec @DysruptionHub

I had never come across groups willing to redact sensitive data, nor had I ever seen a group offer to do so directly to its victim. As you point out, there is no certainty regarding FulcrumSec’s claims, but apparently there are no denials either.
If all of this were true, we would be dealing with an entity that was negligent both at the IT level and at the managerial level - and, above all, remarkably irrational.
I struggle to understand the logic behind their choices: they were willing to pay to prevent the data from being exposed, but not when it came to having it redacted? What kind of sense does that make?

@amvinfe

What makes it crazier is that they were not asked to pay for redaction. They were asked to redact the data tranche themselves or have a proxy redact it, and then the threat actors would leak the redacted data and not unredacted data.

So they were willing to pay to delete the data but not willing to redact the data before it gets leaked because they didn't pay.

I'm sure legal counsel for victims can come up with justifications for not agreeing to redact their patient data so that unredacted data isn't leaked, but I'm just scratching my head over this one and I wonder what plaintiffs' lawyers will do about this aspect in the litigation.

@zackwhittaker @campuscodi @euroinfosec @DysruptionHub

@PogoWasRight

Exactly: this is precisely the additional critical element likely to further aggravate any potential litigation. But Woundtech’s conduct goes beyond mere negligence—it is a sequence of serious and hardly justifiable failures. They got everything wrong: data publicly exposed, lack of encryption, outdated and unpatched systems. This is not an isolated oversight, but a systemic failure. The entire decision-making chain demonstrated a profoundly inadequate response, with responsibility that appears widespread and structural.

@zackwhittaker @campuscodi @euroinfosec @DysruptionHub