Two major US hospitals, the Leon Medical Centre and Nocona General Hospital, were recently targeted with successful ransomware attacks which enabled hackers to steal and leak medical records associated with thousands of patients.
In a press release, Leon Medical Centre, which is based in Florida, announced that in November last year, it was targeted with a ransomware attack which enabled hackers to infect a portion of its computer network with malware. The medical centre also confirmed that ‘certain files stored within Leon Medical's environment that contain personal information’ were accessed by cyber criminals behind the malware attack.
LMC said that data accessed by cyber criminals included names, contact information, social security numbers, financial information, dates of birth, family information, medical record numbers, Medicaid numbers, prescription information, medical and/or clinical information including diagnosis and treatment history, and health insurance information.
"Leon Medical takes the privacy and security of sensitive information within its care very seriously. In response to this incident, Leon Medical took immediate steps to identify the issues that allowed unauthorized access to its databases to occur and is working hard to address them.
"Leon Medical is still in the process of a thorough review to identify all individuals whose information was impacted by this incident and will be providing written notice as soon as possible to individuals that Leon Medical determines have been impacted by this incident," it said.
After the cyber attack was detected, Leon Medical Centre took the affected systems offline, and quickly launched an investigation into the nature and scope of the incident with the help of cyber security professionals. The healthcare company has also notified the FBI as well as the Department of Health and Human Services (DHS) about the theft of medical records.
According to NBC News, the hackers who posted data taken from LMC servers to a blog on the dark web, also posted thousands of medical records stolen from Nocona General Hospital which is headquartered in Texas. While LMC quickly responded to the incident and announced the incident publicly, an attorney representing Nocona General Hospital told NBC News that the hospital was not targeted with a ransomware attack.
The dark web blog, in which the stolen medical records were published, was found containing tens of thousands of scanned diagnostic results and letters to insurers, NBC News said. It added that the repository also contained patients' names, birthdays, addresses, and also their medical diagnoses.
Commenting on the cyber attacks targeting two major U.S. hospitals, Sam Curry, chief security officer at Cybereason, said that targeted cyber espionage campaigns or any attack on organisations on the front lines of the healthcare industry should be considered acts of war. The criminals behind these latest attacks should be brought to justice and into a courtroom to face a jury of their peers.
"Unfortunately, these attacks could very well originate on foreign soil and it's very unlikely anyone will be arrested. Threat actors are becoming more brazen in their attempts to extort hospitals and many groups are now threatening to post sensitive information if ransoms aren't paid.
"The tactics used by cyber criminals vary from attack to attack, but at the same time sensitive data is being posted to the dark web, some criminals have also encrypted the critical files used by doctors and nurses to administer medicines and patient care, creating a double whammy for hospitals and putting more patients in life threatening situations.
"While no hospital will prevent motivated and skilled cyber criminals from accessing a network they have their sights set on, they can dramatically reduce risk and minimise damage by constantly threat hunting in their networks to discover malicious acts fast, with the singular goal of reversing the adversary advantage and returning the advantage to cyber defenders," he added.