The Russian ransomware gang DarkSide, which found itself thrust into the spotlight in recent days over its hack of Colonial Pipeline, a major US fuel pipeline operator, apparently considers its affiliated hackers marginally less evil than competitors because of DarkSide’s refusal to hack entities like hospitals.
That doesn’t mean other ransomware attackers, however, are quite as principled. In fact, the health care industry represents a pretty juicy target for such cybersecurity villains, thanks to at least two highly attractive traits associated with health care enterprises: The records they store on patients are highly sensitive (i.e., potentially very valuable), and health care systems cannot tolerate any network downtime whatsoever. Bingo — that represents a target that would presumably be more than willing to pay up following a ransomware attack.
Recent victims of such attacks include San Antonio-based CaptureRx, which provides drug-related administrative services and which recently disclosed that attackers gained access to files that CaptureRx receives from healthcare providers. Ultimately, at least five different health systems reportedly ended up having some of their data stolen as a result of this one incident.
“On February 19, 2021, the investigation determined that certain files were accessed and acquired on February 6, 2021 without authorization,” CaptureRx’s disclosure about this incident explains. “CaptureRx then immediately began a thorough review of the full contents of the files to determine whether sensitive information was present at the time of the incident. On or around March 19, 2021, CaptureRx completed this review to confirm the full scope of affected individuals and associated covered entities to which the information related. Between March 30, 2021 and April 7, 2021 CaptureRx began the process of notifying healthcare providers of this incident.”
According to ZDNet, health providers including UPMC Cole and UPMC Wellsboro in Pennsylvania; Lourdes Hospital and Faxton St. Luke’s Healthcare in New York; Gifford Health Care in Randolph, Vermont; and several Thrifty Drug Stores were caught up in this breach as a result of what happened at CaptureRx, with health information of customers and patients either exposed or stolen. The HIPAA Journal has reported additional detail, such as that at least 17,655 patients at Faxton St. Luke’s Healthcare, 6,777 patients at Gifford Health Care, and 7,400 at UPMC Cole and UPMC Wellsboro had their information accessed as part of this cyberattack.
As part of its investigation, CaptureRx says it’s determined that “at the time of the incident, the relevant files (accessed) contained first name, last name, date of birth, and prescription information.
“…As part of CaptureRx’s ongoing commitment to the security of information, all policies and procedures are being reviewed and enhanced and additional workforce training is being conducted to reduce the likelihood of a similar future event.”