← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Alberta Healthcare Flooder - 03.29.26
WHITE Disable_Duck 2026-03-29 Modified: 2026-03-29
35
IOCs
MEDIUM VOLUME
Unclear why or how - but one monitored system is presently impacted with a strain (or variant of VECT Ransomware). It is being flooded with what appears to be PII/PHI from Alberta Health Services & Covenant Health in Alberta Canada. I don't believe this is tied to my unrecovered credentials (appears to be use/abuse /data-theft of active credentials & data exfiltration. I captured some of it to analyze 'what is happening'. Many guesses, not explanation. It's still going (filling one monitored device). This pulse is a small sample of a great deal of data relevant to AHS/Cov. Health/Gov. Alberta. Unclear what to do to mitigate this.
AlbertaHealthServicesPIIEducationCovenant HealthAHSPHINurses
Indicators of Compromise (35)
All domain hostname URL
TYPEINDICATORDESCRIPTIONCREATED
domain covenanthealth.ca 2026-03-29
domain alberta.ca 2026-03-29
domain albertahealthservices.ca 2026-03-29
hostname asc.covenanthealth.ca 2026-03-29
hostname esstest.covenanthealth.ca 2026-03-29
hostname esstest2.covenanthealth.ca 2026-03-29
hostname my.covenanthealth.ca 2026-03-29
hostname prod2-test.covenanthealth.ca 2026-03-29
hostname temp-ess.covenanthealth.ca 2026-03-29
hostname test2-test.covenanthealth.ca 2026-03-29
hostname tmpuat-extcontent.covenanthealth.ca 2026-03-29
hostname trn-asc.covenanthealth.ca 2026-03-29
hostname uat-asc-staff.covenanthealth.ca 2026-03-29
hostname uat-extcontent.covenanthealth.ca 2026-03-29
hostname videos.covenanthealth.ca 2026-03-29
URL http://esstest2.covenanthealth.ca/ 2026-03-29
URL http://temp-ess.covenanthealth.ca/ 2026-03-29
URL https://careers.covenanthealth.ca/covenant/jobs/search/109026508 2026-03-29
URL https://careers.covenanthealth.ca/info/help 2026-03-29
URL https://careers.covenanthealth.ca/jobs/469016/other-jobs-matching/location-only 2026-03-29
URL https://careers.covenanthealth.ca/jobs/hr-client-partner-469016 2026-03-29
URL https://careers.covenanthealth.ca/jobs/registered-nurse-1957-50-emergency-469015 2026-03-29
URL https://covenanthealth.ca/about/centres-and-institutes/palliative-institute/compassionate-alberta/plan-ahead 2026-03-29
URL https://covenanthealth.ca/about/centres-and-institutes/palliative-institute/compassionate-alberta/plan-ahead/advance-care-planning 2026-03-29
URL https://covenanthealth.ca/locations/killam-health-centre 2026-03-29
URL https://covenanthealth.ca/sites/default/files/2023 2026-03-29
URL https://covenanthealth.ca/sites/default/files/css/css_Es4vSNLa 2026-03-29
URL https://covenanthealth.ca/sites/default/files/css/css_rYxlr 2026-03-29
URL https://covenanthealth.ca/sites/default/files/styles/responsive_768/public/2026 2026-03-29
URL https://covenanthealth.ca/sites/default/files/styles/square/public/2026 2026-03-29
URL https://covenanthealth.ca/themes/custom/cvh_web/cvh 2026-03-29
URL https://covenanthealth.ca/themes/custom/cvh_web/dist/fonts/Avenir 2026-03-29
URL https://covenanthealth.ca/themes/custom/cvh_web/logo.svg 2026-03-29
URL https://ess.covenanthealth.ca/ 2026-03-29
URL https://videos.covenanthealth.ca/ 2026-03-29
References (2)
↗ Delll from Hell