SalusCare Files Lawsuit Against Amazon to Get Access to AWS Audit Logs to Investigate Data Breach

SalusCare, a behavioral healthcare services provider based in Southwest Florida, encountered a cyberattack in March that resulted in the exfiltration of patient and employee data from its systems. SalusCare did not confirm the specific strategy employed to get access to its computers, but the cyberattack is thought to have begun through a phishing email with malware download. The attacker exfiltrated all of its database content to an Amazon AWS storage account.

The cyberattack happened on March 16, 2021 and, according to the breach investigation, the attacker seemed to be located in Ukraine. The attacker acquired access to SalusCare’s Microsoft 365 environment, stole sensitive information, and loaded it to two Amazon S3 storage buckets.

Amazon was informed regarding the criminal activity and it revoked access to the S3 buckets so that the attacker could not access the stolen information. SalusCare asked for copies of the audit logs, which it needs to proceed with investigating the breach and determining specifically what information was taken. SalusCare additionally would like to ensure that the suspension is irreversible and won’t be removed by Amazon.

The S3 buckets were employed to keep SalusCare data, however, Amazon won’t voluntarily give copies of the audit logs or the information kept in the S3 buckets since SalusCare does not own them. The two S3 buckets are known to contain about 86,000 files stolen during the attack.

In order to obtain copies of the audit logs and information, SalusCare submitted a lawsuit in federal court requesting injunctive relief under the Computer Abuse and Recovery Act of Florida. SalusCare is seeking a decision that will force Amazon to give audit logs access and a copy of the two S3 buckets content. SalusCare additionally would like the courts to mandate Amazon to suspend access permanently to keep the attacker from having data access or copying the stolen data to a different cloud storage service. SalusCare has likewise sued the person associated with the attacks – John Doe.

The lawsuit asserted that the stolen data, which was hosted by Amazon is highly sensitive and can be employed for identity theft, selling on the darknet marketplaces, or exposure to the general public.

In the petition filed by SalusCare to the U.S. District Court in Fort Myers, it explained that the files consist of extremely personal and sensitive files of the psychiatric and addiction counseling and treatment of patients. The files additionally include sensitive financial data like credit card numbers and Social Security numbers of SalusCare employees. and patients.

The lawsuit is seeking that after Amazon gives SalusCare a copy of the information and audit logs, the S3 buckets must be cleared to stop any more unauthorized access.

Amazon didn’t go against any injunctive relief desired by SalusCare. On March 25, 2021, The News-Press reports that the request has been granted by a District Court federal judge.