The Conti ransomware gang has exposed a sizeable collection of healthcare records online that was purportedly thieved from Nocona General Hospital in Texas and Leon Medical Centers in Florida.
Leon Medical Centers encountered a Conti ransomware attack in the beginning of November 2020, which was in the beginning reported to the HHS’ Office for Civil Rights on January 8, 2021 as having an effect on 500 people. Leon Medical Centers discussed in its substitute breach notice that the breach involved the usage of malware and the investigation established that the attackers viewed the personal and protected health information (PHI) of selected patients.
It is uncertain when the attack took place on Nocona General Hospital, because there were no notification letters sent to compromised persons; there were no breach notice published on its site, and the occurrence is not mentioned on the HHS’ Office for Civil Rights breach webpage.
NBC after conversing with an attorney representing the hospital said that no system seemed to have been compromised, files were evidently not encrypted, and the hospital did not identify any ransom note. The Conti leak website had close to 20 files stored on February 3, 2021 which comprised patient details and Databreaches.net reports that the webwebpage contained more than 1,760 leaked information on February 10, many of which appeared to be old information. The hospital’s attorney called Databreaches.net and affirmed that the existing systems employed by the hospital were not compromised, but an old server that contains files related to patient or patient information transfers was breached. The event remains under inquiry.
The theft of patient records before file encryption, usually referred to as double extortion, is prevalent today. Based on the New Zealand cybersecurity organization Emsisoft, when 2020 began, merely one ransomware group was exfiltrating information before file encryption, however when the year ended, a minimum of 17 ransomware groups were exfiltrating information before deploying ransomware.
This strategy increases the likelihood of the ransom being paid. Healthcare organizations probably will recover information from backups, nevertheless they would have to pay the ransom to avert the stolen information from being posted on leak webweb pages or sold to other cybyer criminals.
There are indications, nevertheless, that this technique is now appearing to be less efficient. The latest report by Coveware implies trust was worn away and more victims are deciding on not to pay the ransom when they can easily get back their files from backups since there is no warranty that stolen records will be deleted when the ransom is paid.
Coveware ascribed the dramatic lowering in ransom payments in the 4th Quarter of 2020 to victims deciding on not paying as a result of not enough belief in the attackers. Coveware even now finds indicators that stolen information is not erased or destroyed after payment. Additionally, the groups are taking action to fabricate files exfiltration in situations where it didn’t take place.