SpaceBears Ransomware Attack Exposes Lee Trevino Dental's Patient Data

Incident Date:

June 15, 2024

World map

Overview

Title

SpaceBears Ransomware Attack Exposes Lee Trevino Dental's Patient Data

Victim

Lee Trevino Dental (USA,TX)

Attacker

SpaceBears

Location

El Paso, USA

Texas, USA

First Reported

June 15, 2024

Ransomware Attack on Lee Trevino Dental by SpaceBears

Overview of Lee Trevino Dental

Lee Trevino Dental, a well-established dental practice in El Paso, Texas, has been providing comprehensive oral healthcare services for over 45 years. The practice offers preventive care, restorative treatments, cosmetic dentistry, and emergency dental care. Known for its patient-centered approach and use of advanced dental technologies, Lee Trevino Dental has built a strong reputation in the local community.

Details of the Ransomware Attack

In mid-March 2024, the ransomware group SpaceBears claimed responsibility for a cyberattack on Lee Trevino Dental. The attack resulted in a significant data breach, exposing sensitive personal and financial information of both patients and staff. The compromised data includes email addresses, residential addresses, telephone numbers, and photos of patients.

About SpaceBears

SpaceBears, a ransomware group first detected in April 2024, has targeted several prominent organizations. The group operates a dark web leak site for double extortion, where stolen data is used to extort victims in addition to encrypting files. SpaceBears is associated with the Faust operator, an affiliate of the Phobos ransomware-as-a-service group, indicating its sophistication and ties to established ransomware networks.

Penetration and Impact

SpaceBears likely penetrated Lee Trevino Dental's systems through vulnerabilities in their cybersecurity infrastructure. The attack has severe financial implications, potential reputational damage, and loss of customer trust for the dental practice. The group's tactics reflect a broader shift in the ransomware landscape, emphasizing data exfiltration and double extortion.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.