The threat actors who were behind the Conti, REvil and Avaddon ransomware had caused healthcare data leak to three more organizations. The current data dumps contain troves of healthcare information allegedly stolen from a health system, a medical center, and an IT vendor with some healthcare unit clients.
The first occurrence involved the REvil group and a document scanning and management solutions vendor, Standley Systems. The hackers have claimed that the vendor did not respond to the repeated extortion attempts and thus have posted a broad range of data allegedly stolen from various clients. The screenshots revealed that at least seven of the data sets from the Ellis Clinic, WW Steel, Enerquest, Crawley Petroleum, the Chaparral Energy and the Oklahoma Medical Board from the backups of the vendor’s clients had been stolen.
The data overview claimed that the ransomware attackers had obtained the personal data from the employee passports and licenses along with the named clients, over 1000 Social Security Numbers (SSNs), medical documents, service contracts and various other sensitive information.
In the meantime, the Conti ransomware group had posted a 2% of the total data they claimed to have achieved via healthcare data leak from Rehoboth McKinley Christian Health Care Services in New Mexico. The dark web data dump also included files of named passports, bill of sale and driver’s licenses among the others.
An inspection had been carried out on the healthcare data leak documents had revealed a database containing patient and provider names, scanned patient identification cards and prescriptions. Apart from these, there were scans of patient assessments for the underage patients and complete scans of the patient treatments, electrocardiogram reports and diagnoses. One can view the scanned documents in their entirety online, having no restrictions and unredacted.
Last but not least, in the most concerning healthcare data leak, the Avaddon hackers had posted a massive data dump of highly sensitive information from the Olympia of Washington-based Capital Medical Center. However, it is eminent from the screenshots that the ransomware attackers had already planned to dump more stolen data in the next nine days.
It seems that the attackers have in possession hoards of lab results with the detailed patient information, scanned driver’s licenses, faxed patient documents with details of their insurance, patient procedural documents, provider names, contact information and even the patient assessments. The hackers had also leaked the completed patient prescription forms, lab tests with exposed patient procedures, highly sensitive patient details, diagnoses and treatments. The leaked documents also bore billing reports on the Current Procedural Terminology activities (CPT). Files with complete patient records were also found.
Overall, the healthcare data leak is a serious concern regarding the patients’ privacy. The federal agencies and the researchers have warned that these hacking groups are getting better at their targeted attacks on the healthcare sectors since September. Simultaneously, most ransomware hacking groups adhere to forcing the providers into EHR downtime to gain payments from their ransom demands. The reports have revealed that the data exfiltration occurs in 70% of all the ransomware attacks.
The hackers increasingly depend on the victims’ networks after they gain a foothold for days and weeks acquiring as much sensitive data as possible before they drop the final ransomware payload.
Source: Health IT Security
Disclaimer: Read the complete disclaimer here.