>
Ransomware operators Daixin Team claim to have stolen “more than a million records” from a US healthcare organization and threaten to leak it all to the public.
It’s unclear whether this means a million affected patients, or a million pieces of sensitive information from fewer patients, but either way, the threat actors stole sensitive data from OakBend Medical Center, which operates three hospitals in the state of Texas, and shut down its communications in the process. – and disable IT systems.
The stolen records allegedly include employee and customer names, dates of birth, social security numbers and records of patient treatments. More than enough to be used in identity theft, extortion, second stage data breaches and more.
Complete leak
But that will only happen if the group decides to go for the “full leak,” suggesting they may be negotiating with the health care provider about a possible ransom payment.
OakBend didn’t say if it planned to pay or not, but it did say it pulled compromised endpoints (opens in new tab) offline and notified law enforcement and government agencies, including the FBI. Microsoft, Dell and malware (opens in new tab) Protects, are also enabled to help. “Never has patient safety been compromised,” the company said in a press release following the incident.
While some ransomware operators have publicly pledged not to go after healthcare organizations, nonprofits, and similar organizations, some are not paying attention to the fact that these attacks can actually endanger human lives. A similar attack recently took place in Pennsylvania, when the Lehigh Valley Medical Associates systems were hacked and the names, addresses, social security numbers and medical records of 75,628 individuals were compromised.
Hospitals and other healthcare facilities were also a prime target during the Covid-19 pandemic.
- Check out our list of the best antivirus programs (opens in new tab) solutions now
Through: The register (opens in new tab)