Security News > 2022 > September > Ransomware gang threatens 1m-plus medical record leak

Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs.

In a notification to watchdogs last Friday, Pennsylvania's largest primary care group said a "Sophisticated" ransomware crew breached its network security, giving it access to 75,628 individuals' names, addresses and Social Security numbers along with their medical records.

According to a letter [PDF] sent to patients, Medical Associates of the Lehigh Valley became aware of the attack on July 3, and "Immediately" began work to secure its systems.

The attackers may have accessed patient names, address, email address, date of birth, Social Security number, driver's license number, State ID number, health insurance provider, medical diagnosis and medical treatment information, medications, and lab results, according to the alert.

At press time, neither medical group responded to The Register's inquiries about the extortionware attacks, which paint a disturbing picture as crooks target networks with potential life-and-death consequences.

"Ransomware attacks on the health sector are particularly heinous, not only because of the potential for life-threatening disruption to patient care, but also because of the sensitivity of the data that ends up in the hands of cybercrims - in particular, folks' medical info," Callow told The Register.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/14/ransomware_medical_groups/