DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Finjan finds patient data on hackers' server

Posted on May 6, 2008 by Dissent

In its latest Malicious Page of the Month Report [pdf], Finjan, Inc. reports that it discovered

… a server controlled by hackers (Crimeserver) containing more than 1.4 Gigabyte of business and personal data stolen from infected PCs. The data consisted of 5,388 unique log files. Both email communications and web-related data were among them.

The compromised data came from all around the world and contained information from individuals, businesses, as well as renowned organizations, including healthcare providers.

Within the report, Finjan provides examples of compromised patient data:

The examples below show the open and easy access to the medical and personal data of patients, as well as email correspondence between physicians and healthcare providers and patients as was found on the hacker’s server (Crimeserver). To protect the privacy of parties involved, we filtered out and changed the shown data to ensure anonymity. Below is an example of a log containing a patient’s medical record and history that was stolen from his/her physician’s infected PC:

http://…../de…nts/…/MedicalRecordReview/
“Diagnosis=Admitted for IV abx 2nd spinal rod infection. Hx of SMA, wheelchair bound, on bipap c back up rate. ESR increased. Ctx neg. Not getting meds at home. Will need 42 days abx…. low grade fever 2 days ago.”

The next example shows part of a stolen email communication:

“…Attached you will find our personnel file. Please fill it out in its entirety and return via email….These forms are kept confidential and locked up”

The Crimeserver logs contained all kinds of patient information, including personal data, health data, treatment, medications, insurance details, Social Security Numbers, and healthcare providers’ data, including physician’s name.

Due to the fact that the data in this example were HIPAA related, we informed the FBI to take appropriate action.

Category: Health Data

Post navigation

← Canada: Fax had personal information
Anti-Discrimination Bill Inadvertently Legalizes Sharing of Genetic Information Without Patient Consent →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach
  • ‘Deep concern’ for domestic abuse survivors as cybercriminals expected to publish confidential abuse survivors’ addresses

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.