Harm patients if the medical facilities don't pay
Extortionists are now threatening to harm hospital patients if the medical facilities don't pay the thieves' ransom demands. They do this by reporting bomb threats or other fictitious reports to the police, causing heavily armed police to come up at victims' houses.
Criminals vowed to turn on the patients directly after breaking into the IT system of Seattle's Fred Hutchinson Cancer Center in November and taking medical documents, including Social Security numbers, diagnoses, and lab results.
Understanding the reasons
The idea seems to be that the US hospital will be under pressure to pay up and stop the extortion because of those patients and the media coverage of any swatting. Similar tactics are used by other groups targeting IT service providers: in addition to extorting the suppliers, they often threaten or harass the customers of those companies.
"Fred Hutchinson Cancer Center was aware of cyber criminals issuing swatting threats and immediately notified the FBI and Seattle police, who notified the local police," a representative said. "The FBI, as part of its investigation into the cybersecurity incident, also investigated these threats."
The cancer center refuses to respond to further questions regarding the threats. The center has more than ten clinics in the Puget Sound region of Washington.
Patients were informed last month about a similar "cyber event" by Integris Health, another Oklahoman health network that runs a network of 43 clinics and 15 hospitals. During this incident, hackers may have gained access to personal information. Some of these individuals later complained that they received emails from unscrupulous people threatening to sell their personal information on the dark web.
What next?
"As we work with third-party specialists to investigate this matter and determine the scope of affected data and to whom that data relates, we are providing the latest information for patients and the public here," the spokesman for Integris said.
Some corporate types may not find these types of boilerplate responses to be as comforting as they seem. Concerning concerns are raised about how far thieves may go to obtain stolen goods in light of this most recent swatting threat.
According to Emsisoft threat analyst Brett Callow, "ransoms have been allowed to reach lottery jackpot levels, and the predictable upshot is that people are willing to use more and more extreme measures to collect a payout," The Register said.
The security shop demanded earlier this week that ransom payments be outlawed entirely, pointing out that extortion methods were evolving and now included swatting threats.