Ransomed Canadian Healthcare Records

Data breaches are becoming an all too common occurrence. So far in 2018, there has been the Russian grid hacking, where a group of malicious attackers were able to probe power companies in the United States and gain direct access to utility control systems; a group of Iranian hackers were able to steal over 31 terabytes of data from 320 universities in 22 countries, 47 private companies and targeted state and government offices; VPNFilter has infected over 500 000 routers worldwide which can steal information and spy. Today we found out over 80 000 health records were stolen from an Ontario home medical care service CarePartners.

The Data breach was of a healthcare service on behalf on the Ontario Government. In June CarePartners made the news of the breach public, saying that only patients and employees data had been accessed by malicious attackers. A forensic investigation had identified 627 patient files and 886 employee records. All of the individuals whose information has been compromised have been notified.

That would have been it, lost in a world of other data breaches, if it wasn’t for the attackers that contacted the CBC with details of the attacks and have demanded a ransom be payed, if not they will release the data.

They told CBC News: “We requested compensation in exchange for telling them how to fix their security issues and for us to not leak the data online.”

The malicious attackers sent a sample to CBC of the data set which includes thousands of medical records, including birthdays, health numbers, phone numbers and medical histories. The hackers also included 140 credit card numbers from patients, complete with expiry dates and security codes, as well as employee tax slips, social security numbers, bank account details and passwords. The attackers claim they have hundreds of thousands of records.

CarePartners in June had said a total of 1500 records were stolen, the file CBC received from the hackers includes information from 80 000 people, and they claim to have more.

The attackers were able to gain access to the patient files due to software that hadn’t been updated in over two years. The hackers added: “This data breach affects hundreds of thousands of Canadians and was completely avoidable. None of the data we have was encrypted.”

Sophos, a cybersecurity provider, has said about the incident: “If they’ve given up any hope of being paid, that makes it more likely that the data will be posted to a public server where it will join the ocean of other personal healthcare data that lives in the darker recesses of the Internet.”

A major data breach could have been avoided with regular updates to software. Patching is a line of security that is easy to neglect and not doing it can create vulnerabilities in even the safest systems. Malicious attackers look for organizations who haven’t updated their software to exploit known vulnerabilities.

Next Digital can help make sure your system is healthy and always up to date with our personalized managed IT services. Our technicians are dedicated to you, will get to know you, your system and better understand your needs. Don’t let your software be a liability. Contact Next Digital Today.

Leave a Reply

Your email address will not be published. Required fields are marked *