[Weekly Security News] Ransomware Extortion: Hackers Targeting Patient Records in Disturbing Trend
[May 17, 2023]
1. Staten Island Hospital operating in network downtime amid ransomware attack
Richmond University Medical Center in Staten Island, New York, is recovering from a ransomware attack that caused network downtime. Patient services are still available, but clinicians and providers are using manual processes. The hospital is investigating the attack’s impact on patient data with the help of a cybersecurity firm. This follows recent ransomware-related outages in the healthcare sector, highlighting the need to treat such attacks as disasters.
Source : SC Media
2. Ransomware gang steals data of 5.8 million PharMerica patients
Pharmacy services provider PharMerica has experienced a significant data breach affecting more than 5.8 million patients, exposing their medical information to hackers. The breach occurred on March 12, 2023, with hackers gaining unauthorized access to PharMerica’s system and stealing sensitive data, including full names, addresses, dates of birth, social security numbers, medications, and health insurance information. The breach was discovered on March 14 and confirmed on March 21, but affected individuals were only notified on May 12. The Money Message ransomware gang has claimed responsibility for the attack and has published the stolen data, which includes approximately 1.6 million unique records of personal information. PharMerica is offering one year of identity protection fraud monitoring services through Experian to affected individuals.
Source : Bleeping Computer
3. A New Low For Hackers – Threatening to Disclose Patient Medical, Mental Health Records as Ransom for Payment
Hackers are resorting to new tactics by threatening to disclose sensitive patient records, including medical and mental health information, if organizations refuse to pay their ransom demands. This was seen in the case of Vastaamo, a psychotherapy treatment center in Helsinki, where hackers stole mental health records and contacted individual patients to pressure them for payment. The decision to pay a ransom involves complex considerations, and organizations need to be prepared to navigate these scenarios and make informed decisions promptly.
Source : The National Law Review
Cybersecurity threats in healthcare have reached alarming levels, as evidenced by recent incidents. Richmond University Medical Center faced a ransomware attack causing network downtime, while PharMerica experienced a major data breach impacting over 5.8 million patients. Hackers are now resorting to tactics like threatening to disclose sensitive patient records, including mental health information, unless their ransom demands are met. These incidents highlight the pressing need for robust cybersecurity measures to protect patient data and treat such attacks as potential disasters.
Cloudbric‘s fully managed WAAP (Web Application and API Protection) service, Cloudbric WAF+, provides advanced protection against ever-growing web security threats such as malware, viruses, ransomware, and DDoS attacks. Using a logic-based detection engine and patented deep learning engine, Cloudbric WAF+ ensures maximum protection against emerging threats.
Find out more about the most advanced fully managed Web Application Firewall from our website!
Check out Cloudbric’s product lines:
No.1 in the Asia Pacific – WAF with A.I & Logic-based detection engine: Cloudbric WAF+
Cloud-based DDoS attack defense service with edge computing: Cloudbric ADDoS
Zero Trust Network Access-based Remote Access Solution: Cloudbric RAS
Agent based Zero Trust Network Access Solution: Cloudbric PAS
Blockchain: Blockchain Security Solution