Cyber Attack on Pennsylvania health systems leaks 300,000 patient records

A Cyber Attack launched on Women’s Health care Group of Pennsylvania is said to have leaked 300,000 patient records. The leaked data includes names, social security numbers, birth dates, pregnancy histories, blood type info, lab results, medical record numbers, insurance info, medical diagnoses and some X-Ray scans in digital format.

As per the details available to our Cybersecurity Insiders, the attack took place on a server and workstation on May 16th of this year. Officials say that the server and workstation were immediately identified and were removed from the network.

But when the computer forensics team launched a detailed probe they discovered that hackers began exploiting the systems from January 2017, by leveraging security vulnerability. Official say that some records were also encrypted by the cyber criminals which clearly indicates that the cyber attack was a ransomware attack.

Currently, the forensics’ team which is conducting a probe are not in a position to determine if the patient info was transmitted to another resource by the hackers.

In cyber space, such, healthcare data is used by hackers to build full profiles of patients which are then posted to the dark web for sale. For instance, a patient’s insurance data can be leveraged by a hacker who can then pose as an insurance agent and attempt to collect money from a patient. Already instances such as these have been reported in Britain where insurance companies and victims have fallen prey to embarrassment and scams.

A media statement issued by Women’s Health Care Group of Pennsylvania yesterday says that the details of the cyber fraud were reported to FBI in June 2017 and a comprehensive internal review of Information Security Practices and procedures to help prevent such future events is in progress.

Ad
Join over 500,000 cybersecurity professionals in our LinkedIn group "Information Security Community"!
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display