Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label hospital data. Show all posts

Rhysida Ransomware Takes Responsibility for Bayhealth Hospital Breach

 

The Rhysida Ransomware outfit claims to have infiltrated Bayhealth Hospital in Delaware and is offering the allegedly stolen data for 25 BTC. Bayhealth Hospital is a technologically equipped not-for-profit healthcare facility with around 4,000 employees and a medical team of over 450 physicians and 200 advanced practice clinicians. 

Bayhealth Medical Centre, which covers central and southern Delaware, runs two hospitals, Bayhealth Hospital, Kent Campus in Dover and Bayhealth Hospital, Sussex Campus in Milford, as well as the Bayhealth Emergency Centre in Smyrna. The facility has 316 beds and offers inpatient services such as labour, cardiology, and cancer care.

It also offers outpatient care, support services, community outreach, and imaging. Both the Kent and Sussex campuses include 24-hour emergency departments with Level III trauma centres, as does the Smyrna centre. The Rhysida Ransomware organisation claims to have infiltrated Bayhealth Hospital and added it to the list of victims on their Tor leak website. The group claims to have stolen data from the hospital and is asking for 25 BTC to stop the leak. The hacking outfit released screenshots of stolen passports and ID cards as evidence of the hack. 

“With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data. Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner!” announced the ransomware gang. 

This is not the first time that the Rhysida ransomware outfit has targeted a hospital. In December 2023, the group claimed to have hacked Abdali Hospital, a multi-specialty hospital in Jordan. At the end of November, the ransomware organisation claimed to have hacked the King Edward VII Hospital in London. The organisation also claimed to have hacked the British Library and the China Energy Engineering Corporation. 

The ransomware group has been active since May 2023. According to the gang's Tor leak site, the operation has affected at least 62 companies. The ransomware group targeted organisations across several industries, including education, healthcare, manufacturing, information technology, and government. The victims of the gang are considered "targets of opportunity.”

Massive Data Breach Hits London Hospitals Following Cyber Attack

 

In a severe cyber attack targeting a London hospital, hackers have published a massive 400GB of sensitive data, raising significant alarm within the healthcare sector. This breach underscores the escalating threat posed by cybercriminals to critical infrastructure, especially within public health services. 

The attack, attributed to a sophisticated hacking group, involved infiltrating the hospital’s IT systems, exfiltrating vast amounts of data, and subsequently releasing it online. The compromised data reportedly includes patient records, internal communications, and operational details, posing severe privacy risks and operational challenges for the hospital. The cybercriminals initially demanded a hefty ransom for the decryption of the stolen data and for not making it public. When the hospital administration, adhering to governmental policies against ransom payments, refused to comply, the hackers followed through on their threat, releasing the data into the public domain. 

This move has not only compromised patient privacy but has also led to significant disruptions in hospital operations. Experts warn that the healthcare sector is increasingly becoming a prime target for ransomware attacks due to the sensitive nature of the data and the critical need for operational continuity. The incident has once again highlighted the urgent need for robust cybersecurity measures within healthcare institutions. Public healthcare providers often operate with complex IT systems and limited budgets, making them vulnerable targets for cyber attacks. 

The ramifications of such breaches are far-reaching, affecting not just the targeted institution but also the patients relying on its services. In response to the breach, the hospital has ramped up its cybersecurity protocols, working closely with cybersecurity experts and law enforcement agencies to mitigate the damage and prevent future incidents. Efforts are also underway to support affected patients, ensuring that their data is secured and providing necessary assistance in the wake of the breach.  

This incident serves as a stark reminder of the persistent and evolving threat landscape that healthcare providers face. It underscores the necessity for continuous investment in cybersecurity infrastructure and the implementation of proactive measures to safeguard sensitive data against potential breaches. 

As the investigation into this attack continues, healthcare institutions worldwide are urged to reassess their cybersecurity strategies, ensuring that they are equipped to defend against such malicious activities. The leak of 400GB of sensitive data stands as a testament to the devastating impact of cybercrime on critical public services, emphasizing the importance of vigilance and robust security practices in the digital age.

Innovative Legal Move Restores Hospital's Stolen Information

 


There has been a handover of patient data stolen by the notorious LockBit gang from a cloud computing company to a New York hospital alliance that is partnered with that company. There was a lawsuit filed by the North Star Health Alliance - a group of hospitals - in November in the hopes of forcing LockBit to return the patient data cybercriminals had stolen from the hospitals and kept on the Massachusetts vendor's servers. 

The lawsuit was filed by North Star Health Alliance in November as a legal manoeuvre to force LockBit to return the patient data. There has been a lawsuit filed against unknown members of the LockBit group by a healthcare alliance of two hospitals and an orthopaedic group in upstate New York. 

However, the suit is a legal move designed to make a Massachusetts-based cloud services vendor turn over patient data stolen from hospitals and allegedly stored on the cloud service vendor's servers to force the gang to hand over the data. It is said by David Hoffman, general counsel of Claxton-Hepburn Medical Center, which recently filed a lawsuit against ransomware gang LockBit, that the ubiquity and anonymity of cryptocurrencies are driving economic, legal, and ethical challenges that place healthcare organizations at risk from cybercriminals. 

Despite their claims, the lawsuit asserts that the defendants "conspired to commit complex cybercrime and move stolen goods around the world." The lawsuit claims that the defendants' identities "are unknown at the moment, as they have perpetrated the subject scheme in secrecy and by using the internet." 

As part of the legal action against the hackers, the hospital group was able to serve a subpoena upon Boston-based cloud-based storage company Wasabi Technologies for the delivery of the data LockBit claimed to have stolen last summer from the hospital group. The cybercriminals allegedly stored the data on Wasabi's servers, according to court documents, which were then turned over to LockBit. 

There is an injunction sought by North Star Health Alliance to prevent the use, transfer or duplication of the exfiltrated data. According to the complaint, all copies of the stolen data must be destroyed after they have been returned to the hospital group, as well as all other copies being destroyed. 

It is reported by the hospitals that they needed access to the data to be able to identify individuals whose information could potentially be compromised as a result of the breach. It was announced recently that Wasabi Technologies turned over data stolen from LockBit and stored on its servers to North Star Health Alliance, which was a member of the North Star Health Alliance that has been affected by the August attack, said David Hoffman, general counsel for Claxton-Hepburn Medical Center. 

ISMG was notified by Wasabi that the firm is committed to ensuring that all regulatory requests related to the company are answered as soon as possible. The policy of the firm is to refrain from commenting on ongoing legal matters. 

According to the lawsuit, around August 30, when a hacker gained access to Wasabi's cloud server owned and operated by the hospital group, the data was stolen from the hospital group's IT infrastructure and transferred to a server owned and operated by Wasabi. A data breach occurred. 

As per a statement posted on Carthage Area Hospital's Facebook page on Sept. 6, North Star Health Alliance members have been required to reschedule a variety of outpatient appointments as a result of a cybersecurity incident that they were dealing with. 

There is a requirement in the finance sector to prove that companies understand their customers. This applies to regulations - such as those regarding cryptocurrency exchanges - he explained. The cloud providers should be obligated to meet these types of requirements to prevent the storage of stolen information, the operation of hostile scanners and the distribution of malware out of domestic data centres, or other types of information security threats, etc., in the cloud.

In addition to raising potential legal concerns for technology vendors seeking a way to avoid getting unknowingly entangled in cybercrime committed by their clients, Dave Bailey, vice president at privacy and security consultancy Clearwater, believes the North Star Health Alliance case also raises illegal concerns, which could cause vendors legal problems. 

To provide care and perform vital mission-critical functions, healthcare organizations are increasingly depending on online platforms for the collection and use of personal data. It should be noted however, that cybercriminals will continue to exploit gaps in the security of governments to steal personal information and profit from it.

In the end, this can have adverse effects on the organization's business operations, resulting in poor health services and ultimately a decline in performance. Healthcare providers and facilities should demonstrate prompt responsiveness to minimize potential damages swiftly. 

Additionally, it is imperative to establish comprehensive, integrated preventative measures to safeguard data and uphold continuous business operations. Healthcare organizations stand to gain considerable advantages from the implementation of multi-layered detection and recovery systems.

These systems aid in the identification and prevention of vulnerabilities and malware, mitigating the risk of exploitation and transmission to various data endpoints, including corporate networks, medical devices, company mobiles, and others. 

In the event of security incidents, such as data breaches, healthcare organizations must possess the capability to assess their impact accurately. Furthermore, they are obligated to promptly notify law enforcement and the relevant authorities. Simultaneously, it is essential to enact a well-defined action plan to address the needs of affected patients and individuals, ensuring a comprehensive and effective response to security breaches.

Malek Team: Iran-linked Hackers Claim to Leak Medical Records From Israeli Hospital


An alleged Iran-based hacker group has claimed responsibility for stealing thousands of medical records from an Israeli hospital and leaking them on online forums. The stolen data also includes medical information of Israeli soldiers. The hospital – Ziv Medical Center – is situated in the city of Safed, near the border of Syria and Lebanon. 

The hackers claim to have stolen 500GB of medical data dating back to 2022. The 700,000 documents purportedly contained patient medical and personal data, including disease types and prescribed medication.

Last weekend, the hacker group involved in the attack – Malek Team – after attacking the hospital, began releasing documents that included the ones containing data from the Israel Defense Force (IDF) on their Telegram channel.

While the hackers did not disclose when exactly they attacked the hospital, a warning was released last week by the Israeli National Cyber Directorate regarding an incident affecting Ziv Medical Center's computer systems.

The warning read, “The incident has been identified and contained without disrupting or affecting various systems and the operation of the medical center.” Taking precautions, the hospital temporarily took down its email server and some of its computer systems.

The security team has conducted an investigation on the issue, however, findings have yet to be released as of yet to ascertain whether or not there was an information leak. 

Israel’s newspaper The Jerusalem Post reported that this was not the first time Ziv Medical Center has fallen victim to a cyberattack. The hospital had suffered two other cyber incidents in four months. Local media outlets reported that Ziv's systems appeared to have leaked information, which was admitted by both the hospital and the Israeli privacy protection body.

Israeli officials have said that they are pursuing charges against those connected to the incident and have forbidden the use, transfer, or distribution of any information that has been disclosed.

Along with Israeli tech and media organizations, Malek Team also claimed responsibility for cyberattacks on other targets in Israel, such as Ono Academic College, which was previously targeted earlier in October.

In their ventures, the hackers have leaked several data pieces, including videos of university classes and admission interviews with students. Also, scans of victims’ passports and documents have also been released. However, the authenticity of this data has not been confirmed.