Stolen Texas health data may be posted to the dark web

The hospital system fell victim to ransomware planted by the Karakurt data extortion group, beginning in late May.
By Andrea Fox
04:50 PM


Collin County, Texas-based Methodist McKinney Hospital, Methodist Allen Surgical Center and Methodist Craig Ranch Surgical Center were the victims of a ransomware attack on July 5, the hospital system announced July 29.

WHY IT MATTERS

The hospitals did not pay the ransom, according to a new report by CBS in Dallas-Fort Worth. The culprit, the Karakurt data extortion group, stole 360 gigabytes of data instead of locking the health system's computer infrastructure down.

According to the hospital's published notice, the information present in the affected systems included names, addresses, Social Security numbers, dates of birth, medical history information, medical diagnosis information, treatment information, medical record numbers and health insurance details. 

The hospital confirmed that an unauthorized actor accessed certain systems between May 20 and July 7 and copied certain files. A third-party company is conducting a detailed investigation of information present at the time of unauthorized access.

"We are notifying individuals as it identifies information, and this process is ongoing," said the hospital in the statement, as it advised patients to take steps to protect personal information in light of the data breach.

Patients are likely to have to take those steps if and when the information is released to the dark web, a known practice of the Karakurt Team, according to a June alert released by the Cybersecurity and Infrastructure Security Agency.

"Karakurt victims have not reported encryption of compromised machines or files; rather, Karakurt actors have claimed to steal data and threatened to auction it off or release it to the public unless they receive payment of the demanded ransom," CISA stated in the alert.

THE LARGER TREND

Cybersecurity breaches of healthcare systems keep coming, and tens of thousands of patient records have previously been posted to the dark web.

Two weeks ago, Dallas-based Conifer Revenue Cycle Solutions announced that a cloud-based email account had been hacked in January, exposing patient information associated with six hospitals. Since Conifer submitted its breach, more than 25 new breaches of unsecured protected health information have been added to the U.S. Department of Health and Human Services case investigation list.

A joint announcement by the Federal Bureau of Investigation and CISA on August 11 warned that Zeppelin ransomware targeting healthcare gains access to victim networks by exploiting SonicWall firewall vulnerabilities and through phishing campaigns.

ON THE RECORD

"Information security is one of our highest priorities, and we have security measures in place to protect information in our care. We responded promptly when we became aware of this event by taking steps to secure our systems and commence a comprehensive investigation. We are also reviewing and enhancing existing policies and procedures and implementing additional safeguards to further secure the information in our systems. Additionally, we reported this event to federal law enforcement," the hospital said in the data breach announcement.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS publication.