Posted on February 6, 2021 at 12:00 PM
A recent report revealed that detailed medical reports of thousands of patients from two U.S. hospitals have been compromised and uploaded to a dark web forum.
The files stolen from the Nocona General Hospital and Leon Medical Centers contained details such as medical diagnoses, birthdates, and addresses, as well as the names of the patients.
The published files also include letters to insurers and thousands of scanned diagnostics, according to the report.
Last month, Leon Medical Centers revealed that its computer systems had been compromised and infiltrated with malware in November last year. According to the medical center’s report, the hacking incident gave the threat actors access to patients’ PHI.
Investigation of the incident ongoing
A spokesperson for Leon Medical Centers stated that the company is working closely with third-party forensic experts to investigate the hacking incident.
“As soon as possible, we will provide direct notifications to any affected individuals,” the spokesperson added.
Nocona General Hospital serves three locations in Texas, while Leon Medical Centers serves eight locations in Miami.
Ransomware attacks on hospitals very critical
Ransomware attacks on hospitals are dangerous to patients because some of them may be denied the immediate care and treatment their illnesses require. Health workers may not be able to access patients' health records, and if information such as medication allergies and other records is not readily available, proper treatment becomes difficult. That’s why security teams need to treat an attack on the industry as highly critical.
Caleb Barlow, Chief Executive of cybersecurity consulting company CynergisTek, revealed that health centers are not capable of dealing with severe cyber attacks.
According to him, several healthcare organizations are not fully equipped for cyberattacks. They do not have enough resources for such needs after spending most of their resources on the fight against COVID-19. This makes them vulnerable to attacks. “They are financially strapped because of that pandemic,” he added.
The threat actors responsible for the incident are familiar to the cybersecurity researchers. They operate by encrypting the victims’ files and demanding payment. However, they don’t usually release the files first to the public, which is what these hackers have done.
So, it’s not clear why the hackers compromised the files and decided to release them to the public for free.
The hacking incident shows how hackers have intensified their efforts to target American government computers, schools, small businesses, and hospitals, often planting malware on their systems.
After a successful malware attack, they generally demand ransom payments from the victims to unlock the affected files. To keep their own details safe, they ask the victims to send the payment to Bitcoin or other cryptocurrency wallets.
Last year, about 560 health care providers were affected by ransomware, based on a survey by cybersecurity company Emsisoft. Two months ago, federal agencies alerted health care centers that cybercriminals had stepped up their attacks on hospitals, warning them to beef up their security.
While some ransomware groups are still soft-hearted enough to declare health centers and hospitals off-limits, others see them as an opportunity to profit from their trade.
Since several hospital chains share the same computer networks across several physical locations, a single case of a ransomware attack can lead to delays in medical procedures across the country.
Callow added that a ransomware attack on the financial sector is not as devastating as an attack on the health sector. According to him, people can easily fix their credit when financial stuff leaks. “Not so with health stuff. Once it’s out there, it’s out there,” he said.
The hackers didn’t respond to requests for comment sent to their website and email address. Nocona hospital also didn’t give any clue about the situation. The hospital center didn’t seem to have been a victim of the ransomware attack. So, it’s not certain why the hackers chose to release such sensitive details.