Security News > 2021 > January > Ransomware Gang Collects Data from Blood Testing Lab

Apex Laboratory, which provides blood work at home for patients in New York City, Long Island and South Florida, has been hit with a ransomware attack that also resulted in patient data being stolen.

"While the typical ransomware business model involves encrypting data in place and then selling the victim decryption capabilities, business models always evolve," Oliver Tavakoli, CTO at Vectra, told Threatpost.

"In order to maximize the likelihood of getting a targeted organization to pay such ransoms, attackers may choose to impose multiple types of pain - in this case, the attackers employed both the possible loss of data through encryption as well as the public release of confidential information, thereby getting two bites at the apple. While Apex Laboratory had good enough data backups to overcome the first threat, the second threat was the attacker's failsafe to still get a ransom."

The news comes as healthcare organizations continue to be a top target for ransomware gangs,.

"Ransomware continues to be a leading thorn in the side of care delivery, being able to deliver care to patients. ransomware comes in and shuts down clinical operations, it can cause patient care to go on divert, which is where they basically send ambulances to other hospitals, or even cause hospitals to move patients to another facility that's not impacted by ransomware."

"This means the compute infrastructure lags behind due to both business and technical reasons. Healthcare executives need a shift in mindset. They must understand compute infrastructure in hospitals is key to healthcare, and computing failures are healthcare failures. Further, computing flaws are highly correlated and can spread quickly - ransomware or breach of large data stores - or compromise of medical equipment on a network."

News URL

https://threatpost.com/ransomware-gang-data-blood-testing-lab/162721/