Cybercriminals post health system employee information online
A hacker group known for ransomware attacks posted sensitive employee files online following a cyberattack at a Gallup, New Mexico, health system.
According to NBC News, the group stole sensitive employee files from Rehoboth McKinley Christian Health Care Services and posted them to its website, seemingly in an attempt to extort payment.
The files reportedly included job applications and background check authorizations that included Social Security numbers.
WHY IT MATTERS
Caleb Barlow, CEO of CynergisTek, told Healthcare IT News Executive Editor Mike Miliard that the action of posting stolen information online is a fairly new tactic for bad actors.
"This is commonly referred to as 'double extortion,'" said Barlow, describing the action of posting information after a ransom has not been paid.
While NBC did not confirm whether Rehoboth paid the ransom, the information was removed from the hacker group's website.
"Recovery from a ransomware attack often requires negotiation with the ransomware actors,” Allan Liska, a ransomware analyst at the cybersecurity company Recorded Future, said to NBC.
"Usually, when files appear on an extortion site and then disappear, it means a payment was made," Liska added.
Although most experts say paying hackers is not the right strategy for dealing with ransomware, Barlow said the tactic of posting potentially sensitive data represents a ramping-up strategy.
Barlow said the messaging has become: "You need to pay me. If you're not going to pay the ransom, I'm going to extort you."
He also warned of worsening trends, such as bad actors changing stolen data once they have access – thereby giving rise to an array of potential patient safety issues – and demanding payment to reinstate it.
"If I change the data, now I break trust in the entire system," said Barlow. "Again, increasing the likelihood that you're gonna have to pay that ransom in order to either get your data back, or, even worse, know your data, is integral."
THE LARGER TREND
According to NBC, the same hacker group that posted the employee information took a similar tactic in February, posting tens of thousands of stolen records to the dark web in an apparent extortion attempt.
The files reportedly comprised scanned diagnostic results and letters to insurers, background checks on hospital employees, and an Excel document with more than 100 patient names, dates, details of colonoscopy procedures and notations about whether the patient has a "normal colon," among other personal health information.
And while 2020 was a banner year for ransomware, experts have warned that security challenges are likely to continue: The COVID-19 vaccine, plus the continued reliance on telehealth (and telework), present juicy targets for bad actors.
ON THE RECORD
"No matter how much you're spending on defense, it's a whole lot cheaper than paying for the expense after the boom," said Barlow.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.