Recent ransomware attacks on Barlow Respiratory Hospital proved the ransomware gangs are not dialing down their interest in hospital patient data. With more people flocking to hospitals in the wake of the Delta variant COVID-19 infection, troves of patient data become vulnerable.
In one of the recent attack rounds, a ransomware group called Vice Society began targeting multiple healthcare institutions in June 2021. Subsequently, it leaked such patients’ information as payment details and social security numbers on the dark web when victims did not pay up their extortion fees.
According to Cisco Talos cybersecurity researchers, Vice Society regularly targets and exploits the Windows PrintNightmare vulnerabilities in unpatched systems.
Dark Owl, another prominent cybersecurity firm, compared Vice Society’s attacks to the Hello Kitty ransomware gang since both used Linux system encryption-like techniques during their attacks.
Hospitals like Centre Hospitalier D’Arles, Waikato DHB, and Eskenazi Health were the other victims on the Vice Society’s victim list. The group leaked and posted all of these medical institution’s data along with Barlow Respiratory Hospital’s.
Barlow Respiratory Hospital in California, US, faced the attack on 27th August. It said that its patients’ information was not tampered with, and they operated efficiently throughout the day. The hospital authorities promptly informed law enforcement when the ransomware attacked its IT systems.
However, in its statement, the hospital said that some of its stored data were unofficially copied from its backup system and published on the dark web. The hospital’s investigation of these stolen data continues.
It also mentioned that the hospital’s cybersecurity firm continues to work with law enforcement to evaluate the incident. If situations arise, it shall also, by following the laws, inform patients who were victims of the data leak.