DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

London firm on standby to test therapeutics for COVID19 notifies volunteers about March attack by Maze Team

Posted on April 10, 2020 by Dissent

Hammersmith Medicines Research (HMR) in London takes pride in their record as specialists in pharmacology phase 1 and early phase 2 clinical trials — the kinds of trials that are needed before new medications can be approved for use by the public — and the kinds of trials that will be needed if new therapeutics are being tested to treat COVID-19. Like other clinical testing entities, HMR is on standby to start testing once some therapeutics or potential vaccines are ready for testing.

But then along came some cybercriminals who decided that they would be a good target to attack with ransomware.  On March 14, HMR was attacked by Maze Team, who exfiltrated a copy of their data and then locked up everything and demanded a ransom to provide the a decryption key.

Even though the attack was on a Saturday, HMR was able to halt it and restore their computer systems and email by the end of the day. They did not pay the ransom, and their managing and clinical director would later tell ComputerWeekly that they had no intention of paying.

“I would rather go out of business than pay a ransom to these people,” he said.

On March 18, Maze Team issued a press release, stating that until the pandemic eased up, they would not attack the medical sector. On March 19, I emailed Maze Team to commend them on that and to ask if they would give HMR the decryption keys and help restore them (at that point, we did not know that HMR had been able to restore services on their own).  I received no reply that day or the next.

On March 21, Maze Team dumped some of HMR’s data — data that revealed a lot of personal and medical information about some of the volunteers in their studies.

To say that Maze Team got blasted by the media and anyone who heard about the data dump would be somewhat of an understatement.

In response, Maze Team issued yet another press release, claiming that because the attack had occurred *before* their March 18 pledge, that pledge did not apply. Their argument did not persuade anyone, but after a day or so, they did remove the data dump from public access and marked the space as temporarily removed. The data is still removed as of today.

This week, HMR published a copy of their notification to volunteers.

It may be one of the most transparent and clearly written notifications I have ever read — and that is saying a lot.  They write, in part:

We’re sorry to report that, during 21–23 March 2020, the criminals published on their website records from some of our volunteers’ screening visits.  The website is not visible on the public web, and those records have since been taken down.  The records were from some of our volunteers with surnames beginning with D, G, I or J.  The records were scanned copies of documents and results we collected at screening, including name, date of birth, identity documents (scanned passport, National Insurance card, driving licence and/or visa documents, and the photograph we took at the screening visit), plus health questionnaires, consent forms, information from GPs, and some test results (including, in a few cases only, positive tests for HIV, hepatitis, and drugs of abuse).

Even if your records weren’t among those that were published, the criminals might have stolen copies of them.

I think it’s pretty much certainly the case that Maze Team did get more data than what they dumped, as their next step would have been to dump more data. They wouldn’t have shown all their cards in their first data dump.

So will Maze dump more of their data at some point? Obviously, I hope they don’t.  They have to know when a victim is not going to pay them. They can choose to be punitive and try to rationalize it that it is a warning to future victims, or they can just close the book on that one and walk away.

 

 

 

Category: Breach IncidentsHealth DataMalware

Post navigation

← Delaware urology practice hit with ransomware in January
DoppelPaymer team leaks Boeing, Lockheed Martin, SpaceX, documents after Visser Precision refuses to pay →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.