
Sensitive Medical, Financial Data Exposed in Extortion of Massachusetts Hospital

In a statement published on May 28, 2021, Sturdy Memorial Hospital of Massachusetts announced it had been the victim of a ransomware attack. The hospital stated it identified a security incident on February 9, 2021, and through an investigation determined that an unauthorized party had gained access to the hospital’s systems. The hospital also stated it paid a ransom in order to secure any stolen data and obtained assurances the data would not be further distributed. The hospital notified patients of the incident and said the stolen data included names, contact information (including address and phone number), dates of birth, Social Security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, routing numbers and/or bank names, credit card numbers and security codes, Medicare Health Insurance Claim numbers, medical history information, treatment or diagnosis information, procedure or diagnosis codes, prescription information, provider names, medical record numbers, Medicare/Medicaid numbers, health insurance information, and/or treatment cost information.

Analyst Notes

The FBI never recommends an organization pay a ransom. There is no guarantee a ransomware gang will not share, or more likely sell, stolen information even after receiving payment from a victim. Threat actors can leverage stolen medical records to impersonate legitimate patients and commit various forms of fraud, including submitting fraudulent claims to health insurers without authorization. This could not only affect healthcare coverage, but also compromise safety if the records relied on for medical treatment contain misinformation. Anyone who may have been a victim of a medical data breach should get confirmation from their provider to find out exactly what information was stolen. They should also change and strengthen any online logins and implement multi-factor authentication. Asking the insurance provider for copies of claims and carefully reviewing explanation of benefits notices can reveal if a patient’s identity has been used fraudulently. This might also show if inaccurate health and medical information is present in the patient’s records. Lastly, financial and credit accounts should be monitored closely, because sometimes medical insurance information is used to commit other forms of financial fraud. Placing a credit freeze on file with the credit bureaus and notifying banks or other financial institutions is helpful to prevent fraud when identity theft is suspected.
