Share this article on:
The Conti ransomware gang has published data on its leak site which was allegedly obtained in an attack on Rehoboth McKinley Christian Health Care Services in New Mexico. The leaked data includes sensitive patient information including scanned patient ID cards, passports, driver’s license numbers, diagnoses, treatment information, and diagnostic reports, although we have not been able to confirm the source of the data. The breach has not yet appeared on the HHS breach portal so it is currently unclear how many individuals have been affected. The Conti ransomware gang claims it has only published around 2% of data stolen in the attack. The latest data leak by the Conti ransomware gang follows similar leaks of the data stolen in the ransomware attacks on Leon Medical Centers in Florida and Nocona General Hospital in Texas.
The Avaddon ransomware gang has similarly published data on its leak site that was allegedly stolen in an attack on Capital Medical Center in Olympia in Washington. The gang has threatened to leak further data within the next few days if the ransom is not paid. The leaked data includes driver’s license numbers, patient documents, diagnosis and treatment information, insurance information, lab test results, prescriptions, provider names, and patient contact information.
According to Emsisoft, there are currently at least 17 ransomware gangs engaging in data exfiltration prior to file encryption, all of which threaten to release or sell the stolen data if the ransom is not paid. The latest Coveware ransomware report suggests data exfiltration occurs in around 70% of ransomware attacks. These double extortion attacks often see the ransom paid to prevent the release of stolen data, but there are signs that this tactic is becoming less effective due to a lack of trust that the threat groups will delete stolen data if the ransom is paid.
There have been several cases where payment has been made, only for further extortion demands to be made or for stolen data to still be published on leak sites.
Hacker Potentially Obtained Patient Data from Sutter Buttes Imaging Medical Group
Sutter Buttes Imaging Medical Group (SBIMG) in Yuba City, CA has discovered an unauthorized individual has gained access to a third-party PACS system used at its Yuba City imaging center and potentially viewed and obtained limited patient data, including a patient list that contained around 100,000 patient names.
The PACS system was used to store and transmit information in connection with medical services provided to patients. An investigation into the incident revealed an unauthorized individual first gained access to the PACS system in July 2019, and access remained possible until December 2020 when SBIMG was notified by about the vulnerabilities by the German security firm Greenbone Networks. Greenbone Networks was conducting its own research into the PACS system and discovered open ports and authentication issues that placed data at risk.
An investigation into the security breach showed limited patient information had been exposed, including names, dates of birth, imaging procedure performed, study date, study name, and internal patient/study numbers. No financial information, insurance information, or Social Security numbers were compromised.
SBIMG has corrected the vulnerabilities and other steps have been taken to improve security to prevent similar breaches in the future, including closing certain firewall ports. Third-party security experts have been engaged to assess system security and additional security controls are now being implemented.
All patients have been notified by mail and the breach has been reported to the HHS’ Office for Civil Rights. The incident has yet to appear on the HHS breach portal, so it is currently unclear exactly how many individuals have been affected.