Ransomware Gang Dumps Information Stolen from Two U.S. Healthcare Organizations

The Conti ransomware gang has posted a large set of healthcare information online that was presumably taken from Leon Medical Centers, based in Florida, and Nocona General Hospital, based in Texas.

Leon Medical Centers experienced a Conti ransomware attack at the start of November 2020, which was first reported to the HHS’ Office for Civil Rights on January 8, 2021 as impacting 500 people. Leon Medical Centers stated in its substitute breach notice that the incident involved malware and that the investigation confirmed the attackers gained access to the personal and protected health information (PHI) of a number of patients.

It is not clear when the ransomware attack on Nocona General Hospital occurred: no notification letters were delivered to impacted persons, no breach notice was posted on its web page, and the event is not listed on the HHS’ Office for Civil Rights breach site.

NBC, after talking with a lawyer speaking for the hospital, reported that none of its systems seemed to have been compromised, files were evidently not encrypted, and the hospital didn’t seem to have received any ransom demand. The Conti leak webpage had about 20 files posted on February 3, 2021, which included patient data, and Databreaches.net reports that the webpage had over 1,760 leaked records on February 10, the majority of which appeared to be old records. The hospital’s lawyer contacted Databreaches.net and confirmed that the systems currently used by the hospital were not breached; instead, an old server that contains files associated with the patient or patient data transfers was breached. The incident remains under investigation.

The theft of patient information before file encryption, frequently known as double extortion, is now common. According to the New Zealand cybersecurity company Emsisoft, at the start of 2020 just one ransomware group was exfiltrating information before file encryption; by year-end, no fewer than 17 ransomware groups were exfiltrating files before ransomware deployment.

This strategy increases the likelihood of receiving ransom payments. Healthcare organizations may be able to recover information from backup copies, but they must still pay the ransom to prevent the stolen records from being left on leak webpages or offered for sale to other hackers.

There are indications, nonetheless, that this technique is proving less successful. A recently released report by Coveware indicates that trust has been eroded and more victims are opting not to pay the ransom when they can retrieve their files from backups, since there is no assurance that stolen information will be deleted upon ransom payment.

Coveware attributed the dramatic decrease in ransom payments in Q4 2020 to victims opting not to pay because of insufficient confidence in the attackers. Coveware still sees indicators that stolen information is not erased or purged after payment. In addition, groups are taking steps to fabricate file exfiltration in instances where it didn’t happen.