Ransomware is one example of the cyberattacks aimed at the healthcare sector, which is targeted because of the sensitivity of its data. In recent weeks, several attacks and data breaches have been identified, showing that the sector is a target for ransomware groups and data exfiltration. The following cases highlight the severity and scope of these attacks.
New Boston Dental Care Healthcare Ransomware Attacks
New Boston Dental Care fell victim to a ransomware attack by the 8BASE group that was disclosed on May 13, 2024. Unlike in the NHS Scotland incident described below, the attackers have provided a download link for the stolen data, and the period for the company to pay the ransom has expired. The compromised files include:
- Invoices
- Receipts
- Accounting records
- Certificates
- Employment contracts
- Confidential information
The publication of these files indicates that the negotiation period has ended without a resolution, leading to the public release of sensitive information.
NHS Scotland Healthcare Ransomware Attacks
NHS Scotland, the publicly funded healthcare system in Scotland and part of the UK’s National Health Service, was attacked by the INC Ransom group. The attack was publicized on May 11, 2024. The threat actor behind this attack appears to have attempted negotiations with NHS Scotland, but as of now, they have not received a response. Consequently, the data has not yet been leaked.
The compromised data includes:
- 3 terabytes of data
- More than 100 internal files
Currently, the full data set has not been published, as the ransom group seems to be in ongoing contact with NHS Scotland.
Covid19MOVE Breach
At Constella, we have identified several breaches in the healthcare sector over recent weeks, one of the most significant being the Covid19MOVE breach. Detected on April 29, 2024, this breach exposed approximately 12 million records related to Covid-19 patients in Russia. The types of exposed data include:
- Emails
- Dates
- Phone numbers
- Other user-related information
The data from this breach has not been attributed to a specific company, suggesting it could be a compilation of Covid-19 related data from various sources.
Saudi Ministry of Health Data Breach
Additionally, at Constella, we have analyzed various sources from the Dark Web and detected that a database which, according to the threat actor, contains 500 GB of information from the Saudi Ministry of Health has recently been put up for sale by a user known as verifiedBpp. The data spans from 2020 to 2024 and includes:
- Full names, addresses, telephone numbers, blood types, patient records, staff internal messages, and emails
- Access to admin, staff, and patient pages, with capabilities to remove users and change permissions
- Internal systems data, including Covid-19 system, my health system, and Seha (the largest healthcare network in the UAE)
- Details such as infections, tests, recoveries, deaths, and other data
- Specific information like name, ID number, age, nationality, gender, place of diagnosis, residence, mobile phone number, and more
The post’s owner claims that the Ministry of Health’s servers were hacked, with access gained on January 3, 2021, and maintained through March 21, 2024. The total amount of data stolen is estimated to be 500 GB. The owner also mentioned that he could leak 100 GB of this sensitive data if he wants.
Cybersecurity Recommendations for Patient Data Management and Software
Given the recent surge in healthcare ransomware attacks, it’s crucial to take proactive steps to protect your health information. Here are some tips to help safeguard your personal health data against such cyber threats:
- Be Vigilant with Emails: Avoid clicking on links or downloading attachments from unknown or unsolicited emails. Phishing is a common method used by hackers to gain access to personal information.
- Enable Two-Factor Authentication (2FA): Whenever available, activate two-factor authentication on your online healthcare accounts. This adds an extra layer of security by requiring a second form of verification.
- Educate Yourself on Your Rights: Familiarize yourself with your rights under health information privacy laws, such as HIPAA in the U.S., which can help you understand how your data should be handled and what to do if you suspect it’s being misused.
- Secure Your Devices: Ensure that any device you use to access healthcare information is secured with updated antivirus software and a firewall. This can help block malicious attacks before they reach your data.
- Use Secure Networks: Avoid using public Wi-Fi to access or transmit your health information. Instead, use a secured, private network or a virtual private network (VPN) to enhance your online privacy.
- Remove Unused Accounts: Regularly review and delete any accounts for healthcare services you no longer use. Ensuring that your health information is not stored unnecessarily reduces the risk of it being exposed in a breach.
By taking these steps, you can help protect your sensitive health information from cyber threats and mitigate the impact of any potential data breaches in the healthcare sector. For more information about how to protect your organization and your patients, contact Constella.