Cybercriminals have posted massive patients’ and employees’ personal data, from two of the biggest hospital chains in the U.S., on the dark web to extort them for ransom. Attackers published tens of thousands of files from the Leon Medical Center, which runs eight health care facilities in Florida, and Nocona General Hospital, which has three facilities in Texas.
According to a report, the exposed information included patients’ personal identifying information (PII) like their names, addresses, date of birth, scanned diagnostic results, letters to insurers, background checks on hospital employees, and patients’ medical diagnoses.
While there was no sign of encrypting systems by threat actors, the hospitals authorities stated they did not open a ransomware demand.
Cyberattacks on health care organizations have become rampant in 2020. With multiple data breaches and ransomware attacks, health care providers continued to be the primary target for cybercriminals. According to the “U.S. Health Care Data Breach Statistics” survey, around 70% of the U.S. population was affected by healthcare data breaches, with over 230,954,151 health records lost, stolen, or exposed in various security incidents.
Not the First Time for Leon
Leon Medical Centers suffered a data breach in November 2020, which compromised patients’ names, contact information, social security numbers, medical records, financial information, date of birth details, family details, prescription information, diagnosis and treatment history, and health insurance details. The authorities stated that cybercriminals illicitly obtained access to its computer networks and infected them with malware. Leon Medical notified the U.S. Department of Health and Human Services (HHS), the Florida Attorney General, and the FBI for further investigation.