The healthcare sector faces cyber threats as cybercriminals target hospitals, leaking patient data and auctioning DNA records. The Karakurt group steals sensitive information from hospitals, while the Cl0p ransomware gang exposes healthcare details. A Medicare data breach affected 612,000 beneficiaries via the MOVEit software vulnerability. The Health 3rd Party Trust Initiative aims to mitigate risks for healthcare organizations and vendors handling PII and PHI. Continuous vigilance is crucial to protect patient data from cyberattacks.
In recent news, several cyberattacks have raised concerns about data security in the healthcare sector. Hospitals and health systems are continuously monitoring vulnerabilities within their networks, as well as those of vendors and widely used fourth-party tools. Despite these efforts, bad actors are still managing to target large organizations, regional hospitals, and patients.
Stolen Health and DNA Data in Oklahoma
The Karakurt data extortion group has claimed responsibility for a cyberattack on McAlester Regional Health Center in Oklahoma. The attackers claim to hold more than 1,175 gigabytes of data, including 5 GB of SQL data on medical staff. The stolen personally identifiable information includes Social Security numbers, bank statements, invoices, and sensitive patient health information, such as medical reports and confidential documents. The group plans to publish samples of the data and auction off the hospital’s sensitive information, including 40 GB of genetic DNA data from patient records. Previously, Karakurt targeted Methodist McKinney Hospital, Methodist Allen Surgical Center, and Methodist Craig Ranch Surgical Center, stealing 360 gigabytes of data and threatening to expose it on the dark web. The group, thought to be an offshoot of Conti ransomware, demands ransom payments ranging from $25K to $13M in Bitcoin within a week of initial contact with the victims.
Medicare Data Breach via MOVEit Attack
The Centers for Medicare and Medicaid Services (CMS) reported a major data breach involving the personal information of Medicare beneficiaries held by its business associate, Maximus Federal Services. This breach occurred during a fourth-party ransomware attack on the MOVEit file transfer software in late May. CMS stated that the incident was the result of a security vulnerability in the MOVEit software. While Maximus is one of the many affected organizations, CMS confirmed that its system had not been compromised. The breach exposed data from 612,000 beneficiaries, including personally identifiable information, medical histories, provider and prescription details, health insurance claims, and subscriber information. The ransomware gang behind the attack, Cl0p, used a web shell called LEMURLOOT, written in C#, to target the MOVEit Transfer platform.
Cl0p Ransomware Gang Leaks CareSource Data
In a separate incident, the Cl0p ransomware gang leaked a 40-GB dataset allegedly belonging to CareSource, an Ohio-based nonprofit organization providing public healthcare programs such as Medicaid, Medicare, and marketplace services. The leaked data included sensitive healthcare information, such as prescribed drugs, risk groups, and patients’ treatment details. This is not the first time CareSource has been involved in a data breach: it was also affected by the April 2022 breach of OneTouchPoint, a print and mail-fulfillment service used by various healthcare organizations. Cl0p and other ransomware groups have strategically targeted the healthcare sector, exploiting vulnerabilities in third-party business associates that have access to or aggregate large amounts of data.
Healthcare organizations and security groups, like the Health 3rd Party Trust Initiative, are making efforts to address and manage third-party risks more effectively. By implementing a new blueprint for third-party risk management, they aim to enhance data security and swiftly respond to known vulnerabilities in tools containing personally identifiable and protected health information (PII and PHI). Despite these measures, the healthcare sector remains a prime target for cyberattacks, emphasizing the need for continuous vigilance and improvements in data security practices.