2 min read

Hackers publish patient data stolen from two US hospital chains

Graham CLULEY

February 09, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Hackers publish patient data stolen from two US hospital chains
  • Ransomware gang Conti blamed for attack on Florida-based Leon Medical Center
  • Malware delivered via a poisoned document mistakenly opened by staff member

The Florida-based Leon Medical Center and Nocona General Hospital in Texas have suffered attacks from hackers that have resulted in extensive information about their patients being published on the internet.

As NBC News reports, “at least tens of thousands” of files containing patients’ names, addresses, birthdays, social security numbers, Medicaid numbers, prescription details, health insurance information, medical diagnoses, and scan results have been posted on the dark web in what is seemingly an attempt to extort money from the organisations.

Some of the information is extremely personal, such as an Excel spreadsheet named “2018_colonoscopies” which contains the names of 102 patients, the date and details of their procedures, and an indication of whether they have a “normal colon” or not.

Leon Medical Center, which operates at eight locations in Florida, announced in January that it had discovered in November 2020 that it had fallen victim a malware attack.

The DataBreaches.net blog reported that the attack was the work of the Conti ransomware gang, and that the hackers claimed to have infected the hospital chain’s systems initially by sending an employee a boobytrapped document which exploited a serious remote code execution vulnerability in SMBv3 that Microsoft patched in March 2020.

Unfortunately it appears that hundreds of thousands of former and current patients and employees may be impacted as a consequence of that failure to properly secure systems.

Yolanda Foster, a Leon Medical Center spokesperson, told NBC News that it was working with third-party cybersecurity experts to investigate the breach, and would be directly contacting affected individuals as soon as possible.

Curiously, although Nocona General Hospital has also had sensitive medical details published on the web, the firm is reported by NBC News to have not been hit by ransomware, and that its data was not encrypted following exfiltration.

Brian Jackson, an attorney representing Nocona, also told the media outlet that the healthcare provider had not received a ransom demand:

“I can’t tell you with absolute certainty that they did not send a ransom demand,” he said in a phone call. “I can tell you we did not open one.”

It’s unclear what benefit there is for criminal gangs to publicly dump on the web the sensitive medical information of patients when a ransom is not received, other than to send a message to future victims that their threats are genuine.

At the end of October 2020, the US government issued an updated warning about the threat posed by ransomware against the US healthcare industry, specifically calling out Conti, and its close cousin Ryuk.

Unfortunately that warning does not seem to have been enough to protect some US hospitals from being attacked and their patients and workers being put at risk.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read