Hospitals taken offline after cyberattack

A group of French hospitals was taken offline after a data breach was discovered. The stolen data are patient records including SSN, banking information, email addresses, and phone numbers. The post Hospitals taken offline after cyberattack appeared first on Malwarebytes Labs.

Malwarebytes

Posted: April 26, 2022 by

The GHT Coeur Grand Est has become a victim of a cyberattack on the hospital centers of Vitry-le-François and Saint-Dizier. The hospital’s administration has warned [French] that data have been exfiltrated and might be used for phishing in the future.

As a consequence, the GHT Cœur Grand Est has cut all incoming and outgoing internet connections from its franchises in order to protect and secure information systems and data.

GHT Coeur Grand Est

The GHT (Groupements Hospitaliers de Territoire) Coeur Grand Est is a group of nine hospitals in the Northeast of France (around Bar-le-Duc). Together they employ some 6,000 healthcare professionals and serve around 300,000 inhabitants of the region. Most of the hospitals within the GHT network operate their own IT infrastructure, but they do share certain resources. The stolen data come from the hospital centers of Vitry-le-François (Marne) and Saint-Dizier (Haute-Marne).

The attack

On April 19, staff discovered a network breach in the systems of the GHT. During that breach, the attackers managed to copy essential administrative data. As a result, the GHT decided to cut all incoming and outgoing internet connections until the situation was resolved.

The applications and software used internally on a daily basis were not affected by the attack and remain operational, but certain services like making online appointments aren’t possible at the moment. The computerized patient file system is fully functional.

The hospitals said the IT team is working to assess and identify the damage and, as quickly as possible, re-establish secure links with the outside world. The information flows that come from outside, mainly lab results, are handled in old-fashioned paper format or, as was done years ago, by fax.

Vigilance

The GHT has warned customers to be vigilant, saying there is no guarantee that the exfiltrated files will not be shared and used by malicious people.

GHT customers should stay on the lookout for targeted phishing attempts and scams that may look more trustworthy because the scammers have information you wouldn’t expect them to have.

  • Pay attention to the sender of messages, even if they appear to be an official sender.
  • Be careful with attachments. Don’t open them until you have verified the origin.
  • Never respond to a request for confidential information, in particular banking information.
  • Pay attention to the content and wording of the message received. Phishing attempts often introduce some kind of urgency by scaring the receiver or putting time pressure behind the response.
  • Be wary of phone calls or texts from unknown numbers.

Stolen data for sale

While the hospital center’s announcement doesn’t contain any attribution clues, Bleeping Computer spotted a new entry on Industrial Spy’s website, a new marketplace for stolen data.

listing on Industrial Spy platform

image courtesy of Bleeping Computer

Industrial Spy is a dark web platform that promotes itself as a marketplace for buying corporate data that contain sensitive information like schematics, financial reports, trade secrets, and client databases.

In this case, however, Industrial Spy isn’t offering anything that could draw the attention of a competitor. Instead, the data set exposes patient data among other administrative documents. The threat actors claim that the stolen personal data of patients includes social security numbers, passport scans, banking information, email addresses, and phone numbers.

Stay safe, everyone!
