Skip to main content
A white-haired woman looks at her computer with concern as she realizes her important online data was breached.

Carespring Ransomware Attack Investigation

The Lyon Firm is investigating claims of an alleged ransomware attack on Carespring, which could potentially impacted thousands of individuals. The investigation is ongoing, and new details will be reported on as soon as they are confirmed or denied by Carespring. 

What Happened?

The NoEscape ransomware gang claims to have recently hit two medical entities: Southeastern Orthopaedic Specialists, P.A. in North Carolina, and Carespring, a healthcare organization that provides skilled nursing, memory care, rehabilitation, and independent or assisted living options throughout Cincinnati, Dayton, and Northern Kentucky.

According to NoEscape, they locked up Carespring’s files on November 10, 2023 and exfiltrated 364 GB of files that may include personal data of employees and patients, and medical records.

Carespring has reportedly not responded to the NoEscape threats, leading NoEscape to post the following statement:

“We advise you not to bring the situation to a critical level and contact us  soon is possiple. If you guys continue to remain silent, we will begin to deal new blows to your network, and a data leak will entail lawsuits, proceedings, compensation payments and multimillion-dollar losses, we think you have already become familiar with the file tree, so you should understand what kind of data we have. If you do not contact us before the end of the timer, we will begin partial publication of the data. We are your last chance to get out of this situation with minimal losses. Time is running out.”

NoEscape, believed to be a successor of Avaddon, a ransomware group that was shut down in 2021, first emerged in May 2023 and has already made a name for itself by using aggressive tactics to extort victims. NoEscape is labled as a Ransomware-as-a-Service (RaaS) group by cybersecurity experts and has been seen encrypting files on a victim’s computer and demanding ransoms, as well as providing information and assistance to other cybercriminals.

It is important to note again that Carespring has not confirmed any data breach at this point and NoEscape has not posted any actual proof of these serious claims. The Lyon Firm will continue to update news of any ransomware attack developments related to Carespring or Southeastern Orthopeadic Specialists.