1 Million Plus Medical Record Leak Threatened By Ransomware Group.

Mar 7, 2024

Cybercriminals continue to target medical clinics and hospitals, as seen by two recent ransomware attacks on healthcare organisations.

Daixin Team has claimed responsibility for a September 1 attack on Texas-based OakBend Medical Center that knocked out the company’s IT and communication systems and stole private information.

More than a million documents, containing names, dates of birth, Social Security numbers, and details about medical care, were allegedly taken, according to the hackers.

It’s not immediately clear whether the figure refers to one million affected patients or one million pieces of private and confidential medical information.

The group also threatened a “complete leak” of the information and claimed to have already provided employee personal information as a download. This was likely done to show that the data had been stolen and/or to pressure the healthcare organisation into complying with the extortionists’ demands.

OakBend, which runs three hospitals in a US state, said it shut down the infected systems and “immediately” called in the big guns, including cybersecurity specialists from the FBI, the local government, Microsoft, Dell, and Malware Protects. Patient safety was never in danger, according to a public statement.

The medical firm published another update today and stated that its email service is operational and that its telephone system has been mostly restored, but without voicemail.

Additionally, Pennsylvania’s largest primary care organisation revealed in a letter to watchdogs last Friday that a “sophisticated” ransomware team breached its network security and gained access to 75,628 people’s names, addresses, Social Security numbers, and medical information.

Medical Associates of the Lehigh Valley learned about the incident on July 3 and “immediately” started working to safeguard its systems, according to a letter delivered to patients. The medical group also enlisted the aid of outside specialists to assess the severity of the security lapse and reported the attack to federal law enforcement.

According to the warning, “it was revealed during the investigation that certain data may have been vulnerable to unauthorised access as part of the hack.” After a careful study, the inquiry found that material in the impacted files may have contained patient protected health information (PHI).

According to the alert, the attackers might have gained access to patient names, addresses, email addresses, dates of birth, Social Security numbers, licence numbers, state identification numbers, health insurance providers, information about medical diagnoses and treatments, medication information, and lab results.

In the letter, it was noted that “at this time, MATLV is not aware of any evidence to imply that any information has been fraudulently misused.” However, MATLV was unable to completely rule out the possibility that the data was read during the attack.

According to Brett Callow, a security analyst for Emsisoft, at least 13 US healthcare systems with 59 institutions between them had been infected by ransomware in 2022.

In addition to the potential for life-threatening disruptions to patient care, ransomware attacks on the health industry are particularly abhorrent because of the sensitivity of the data that falls into the hands of cybercriminals, notably people’s medical information.

Additionally, he continued, “Unless the providers pay, the data is also made available on the dark web, where it is readily accessible to other cybercriminals.” Sadly, the issue of ransomware doesn’t seem to be going away.

For comparison, 1,203 American healthcare providers were affected by these infections and breaches the previous year.