Royal Ransomware Threat Takes Aim at U.S. Healthcare System
The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country.
"While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity Coordination Center (HC3) said [PDF].
"The group does claim to steal data for double-extortion attacks, where they will also exfiltrate sensitive data."
The agency further noted that Royal ransomware attacks on healthcare have primarily focused on organizations in the U.S., with payment demands ranging from $250,000 to $2 million.
https://thehackernews.com/2022/12/royal-ransomware-threat-takes-aim-at-us.html
Maybe stop putting patient financial data in the US healthcare system? Instead of lots and lots of payers, maybe just, I dunno, a single payer?
CurtEastPoint
(19,207 posts)
gab13by13
(25,300 posts)
My daughter's medical device corporation was hit 6 months ago. It's about the hackers getting access to passwords and the rest. The hackers leave the companies they hack little choice but to pay the ransom. A 2 million demand is low ball.
ck4829
(36,085 posts)
Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that private data including names, addresses, social security numbers, and health records for more than 1.9 million people was exposed during a ransomware infection.
In a notice posted on its website, PFC said it "detected and stopped a sophisticated ransomware attack" on February 26 this year, during which criminals accessed files containing data from more than 650 healthcare providers. The company said it notified the affected medical centers around May 5, and is mailing letters to individuals whose data may have been stolen during the intrusion.
According to the US Department of Health and Human Services, more than 1.9 million individuals were affected in the security breach, which could make it one of if not the biggest American medical info data breaches of the year.
For comparison: in a 2019 breach of American Medical Collection Agency, which provided similar debt collection services to PFC, crooks stole more than 20 million patient records including several hundred thousand payment card details. Shortly after, the agency declared bankruptcy.
https://www.theregister.com/2022/07/13/19m_patients_medical_data_exposed/
How did this happen? How was patient data stolen to this degree?
Patient data is not safe in hospitals.
gab13by13
(25,300 posts)
Having access to patients' private data makes it way worse, but my point is it doesn't matter, my daughter's company was forced to pay the ransom because the hackers have access to the system whether that system contains private data or not. What is worse is that companies getting hacked do not want it publicized.
alittlelark
(18,918 posts)
sux
Turbineguy
(38,440 posts)
as practiced by many companies.
Once your data is in, you are never erased. Even though you have not been a customer for a decade.