REvil, Netwalker, and Conti ransomware hackers recently shared stolen protected health information (PHI) from three separate healthcare cyberattacks on the dark web. They didn’t release the entire data collection because they are conducting a double extortion attack. This initial data leak is a strategy to get victims to comply with their demands. By releasing part of the data, the criminals hope to force victims to pay a ransom to prevent further data leaks or stop data from being put up for auction. If the victims do pay, the criminals say they will return the data. But they run the risk of the hackers not returning all of it or asking for even more money.
What happened?
Three different ransomware attacks caused massive data breaches for healthcare providers. Hackers have released some of the stolen information to the dark web to extort victims for money.- Beacon Health Solutions: REvil published 600 GB of this healthcare business associate’s sensitive information. The hackers have scheduled ten more leaks, each with 60 GB of data, possibly including Social Security numbers, bank documents, and other personal details.
- Wilmington Surgical Associates: NetWalker claims to have stolen more than 13 GB of data from the North Carolina specialist, including thousands of documents containing sensitive information. They haven’t released the data but did post file names as proof they have it.
- Riverside Community Care: The hackers behind Conti ransomware posted sensitive files of drivers’ licenses, incident reports, and employee information from the Massachusetts provider.
What to know about double extortion
One of the most significant consequences of having your network compromised is the inability to run your day-to-day healthcare operations. You can remedy this by having a business continuity plan in place. But what you can’t prevent is cybercriminals releasing data to the dark web after it is taken. SEE MORE: Global Surges in Ransomware Attacks in Q3 2020 Hackers commonly encrypt stolen data and only unencrypt it in exchange for money. If they want to ensure they get paid, they use the double extortion method. Double extortion involves threatening to release data on the dark web if the victim does not pay a ransom. However, paying a ransom is risky because hackers may turn around and ask for more money or not meet their end of the deal. It’s a lose-lose situation for healthcare providers that might already be facing a HIPAA violation for the data breach. They may have to pay a massive fine with a potentially costly corrective action plan . SEE MORE: The Costs of Ransomware AttacksHow ransomware gets into your system
Ransomware attacks most commonly find their way into a network system from one of three entry points:- Phishing emails
- Remote desktop protocol (RDP)
- Virtual private networks (VPN)
