
Hackers publish patient data stolen from two US hospital chains

Graham CLULEY

February 09, 2021

  • Ransomware gang Conti blamed for attack on Florida-based Leon Medical Center
  • Malware delivered via a poisoned document mistakenly opened by staff member

The Florida-based Leon Medical Center and Nocona General Hospital in Texas have suffered attacks from hackers that have resulted in extensive information about their patients being published on the internet.

As NBC News reports, “at least tens of thousands” of files containing patients’ names, addresses, birthdays, social security numbers, Medicaid numbers, prescription details, health insurance information, medical diagnoses, and scan results have been posted on the dark web in what is seemingly an attempt to extort money from the organisations.

Some of the information is extremely personal, such as an Excel spreadsheet named “2018_colonoscopies” which contains the names of 102 patients, the date and details of their procedures, and an indication of whether they have a “normal colon” or not.

Leon Medical Center, which operates at eight locations in Florida, announced in January that it had discovered in November 2020 that it had fallen victim to a malware attack.

The DataBreaches.net blog reported that the attack was the work of the Conti ransomware gang, and that the hackers claimed to have infected the hospital chain’s systems initially by sending an employee a boobytrapped document which exploited a serious remote code execution vulnerability in SMBv3 that Microsoft patched in March 2020.

Unfortunately it appears that hundreds of thousands of former and current patients and employees may be impacted as a consequence of that failure to properly secure systems.

Yolanda Foster, a Leon Medical Center spokesperson, told NBC News that it was working with third-party cybersecurity experts to investigate the breach, and would be directly contacting affected individuals as soon as possible.

Curiously, although Nocona General Hospital has also had sensitive medical details published on the web, NBC News reports that the firm was not hit by ransomware and that its data was not encrypted following exfiltration.

Brian Jackson, an attorney representing Nocona, also told the media outlet that the healthcare provider had not received a ransom demand:

“I can’t tell you with absolute certainty that they did not send a ransom demand,” he said in a phone call. “I can tell you we did not open one.”

It’s unclear what benefit there is for criminal gangs to publicly dump on the web the sensitive medical information of patients when a ransom is not received, other than to send a message to future victims that their threats are genuine.

At the end of October 2020, the US government issued an updated warning about the threat posed by ransomware against the US healthcare industry, specifically calling out Conti, and its close cousin Ryuk.

Unfortunately that warning does not seem to have been enough to protect some US hospitals from being attacked and their patients and workers being put at risk.
