Hackers publish patient data stolen from two US hospital chains

Graham CLULEY

February 09, 2021

  • Ransomware gang Conti blamed for attack on Florida-based Leon Medical Center
  • Malware delivered via a poisoned document mistakenly opened by staff member

The Florida-based Leon Medical Center and Nocona General Hospital in Texas have suffered attacks from hackers that have resulted in extensive information about their patients being published on the internet.

As NBC News reports, “at least tens of thousands” of files containing patients’ names, addresses, birthdays, social security numbers, Medicaid numbers, prescription details, health insurance information, medical diagnoses, and scan results have been posted on the dark web in what is seemingly an attempt to extort money from the organisations.

Some of the information is extremely personal, such as an Excel spreadsheet named “2018_colonoscopies” which contains the names of 102 patients, the date and details of their procedures, and an indication of whether they have a “normal colon” or not.

Leon Medical Center, which operates at eight locations in Florida, announced in January that it had discovered in November 2020 that it had fallen victim to a malware attack.

The DataBreaches.net blog reported that the attack was the work of the Conti ransomware gang, and that the hackers claimed to have infected the hospital chain’s systems initially by sending an employee a boobytrapped document which exploited a serious remote code execution vulnerability in SMBv3 that Microsoft patched in March 2020.

Unfortunately it appears that hundreds of thousands of former and current patients and employees may be impacted as a consequence of that failure to properly secure systems.

Yolanda Foster, a Leon Medical Center spokesperson, told NBC News that it was working with third-party cybersecurity experts to investigate the breach, and would be directly contacting affected individuals as soon as possible.

Curiously, although Nocona General Hospital has also had sensitive medical details published on the web, NBC News reports that the firm was not hit by ransomware and that its data was not encrypted following exfiltration.

Brian Jackson, an attorney representing Nocona, also told the media outlet that the healthcare provider had not received a ransom demand:

“I can’t tell you with absolute certainty that they did not send a ransom demand,” he said in a phone call. “I can tell you we did not open one.”

It’s unclear what benefit there is for criminal gangs to publicly dump on the web the sensitive medical information of patients when a ransom is not received, other than to send a message to future victims that their threats are genuine.

At the end of October 2020, the US government issued an updated warning about the threat posed by ransomware against the US healthcare industry, specifically calling out Conti, and its close cousin Ryuk.

Unfortunately that warning does not seem to have been enough to protect some US hospitals from being attacked and their patients and workers being put at risk.
