[BreachExchange] Stolen patient data posted on the dark web after cyberattack on California clinics

[Terrell Byrd]

https://www.beckershospitalreview.com/cybersecurity/stolen-patient-data-posted-on-the-dark-web-after-cyberattack-on-california-clinics.html

Fresno, Calif.-based United Health Centers, which has 21 locations across
California, was hit by a ransomware attack that reportedly forced its
entire network to shut down and resulted in patients' data being stolen,
according to an Oct. 12 Fresno Bee report.

Six things to know:

The cyberattack reportedly disrupted its network and resulted in patient
data theft, the Bee reported. The ransomware group Vice Society claimed
responsibility for the disruption on United Health Centers' systems,
according to the report.

Vice Society, which emerged in June, began leaking patient data that it
allegedly stole during the ransomware attack, Bleeping Computer reported.
The stolen data reportedly included financial information, patient lab
results and more. Twenty percent of Vice Society's victims on its data leak
site are in the healthcare industry, according to the report.

Kevin Linder, a patient of United Health Centers, said he was alerted by a
credit report that some of his data, such as his Social Security number,
were posted on the dark web. The source of the breach was the California
clinics, the Bee reported.

David Phillips, a spokesperson for United Health Centers, told the Bee that
it "recently experienced technical difficulties, resulting in a disruption
to certain computer systems."

Mr. Philips said the computer systems were restored to full functionality
and an investigation of the disruption is underway, the Bee reported.

Bleeping Computer asked Vice Society why it targets hospitals, to which the
hacker group replied, "Why not?"

"They always keep our private data open," the hacker group said. "You, me
and anyone else go to hospitals, give them our passports, share our health
problems, etc., and they don't even try to protect our data. ... If IT
department[s] don't want to do their job we will do ours and we don't care
if [it's a] hospital or university."
Becker's Hospital Review reached out to United Health Centers for comment
and will update the story if it receives any additional information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211014/ac2d4738/attachment.html>