Attacks on the medical sector continue.
Fred Hutchinson Cancer Center
This week, the group known as Hunters International claimed responsibility for an attack on the Fred Hutchinson Cancer Center in Washington. Yesterday, they dumped data from an attack that allegedly included the exfiltration of 533.1 GB of files. Inspection of the tranche suggests that the attack mainly involved internal documents. However, the fact that patients were contacted directly with what has been reported by at least one patient as accurate information from their records suggests that the attackers did get at least some patient data. The file tree that was leaked also indicates patient files were accessible.
From the cancer center’s disclosures and the threat actors’ leak site, it does not appear that the attack involved encrypting any files or systems, but neither Fred Hutch nor the attackers would confirm that when asked by DataBreaches.
Fred Hutch has contacted patients via various means to alert them to the breach and advise them not to respond to any contacts by the threat actors. The center has already been served with more than half a dozen lawsuits from the November attack.
BioMatrix LLC
BioMatrix provides specialty infusion pharmacy services to patients, prescribers, pharmaceutical manufacturers, and payers nationwide. Headquartered in Florida, they have locations and infusion centers in seven states.
On December 17, DataBreaches noted that the Medusa gang added BioMatrix to its website and posted screenshots of over two dozen internal files, including records with patients’ protected health information (PHI). The listing demands $10,000 to delay data publication for one day or $1 million to delete or download all data.
The countdown clock currently shows nine days left before more data is leaked.
Unlike some other groups, MedusaLocker does not provide any summary indicating when they attacked the victim, how much data they claim to have acquired, and what kinds of data were obtained. DataBreaches sent an inquiry to BioMatrix via its website seeking details, but no reply was received. A second inquiry was submitted by email earlier today, but no answer was immediately available.
Specialty pharmacies and infusion centers provide medications and treatments that cannot be obtained from regular pharmacies. If their systems are disrupted or locked, patient care is disrupted for patients who may not be able to get the needed treatment anywhere else in their state. If locked files contain essential details about the compounds or therapy and the patient doesn’t have a current copy of their medical records, an attack like this puts patients in danger of getting no treatment or the wrong treatment. While for some conditions, treatment delayed may not be life-threatening, for other disorders or conditions, it might be.
For those who don’t understand the potential harm of hitting specialty pharmacies or infusion centers or who have tweeted about this attack and mentioned potential financial or reputational harm but not the risk to medical safety and life, please take a minute to visit BioMatrix’s website. Please read up on the therapies and services they offer. DataBreaches does not know whether Medusa did lock BioMatrix and has contacted them via three of their qTox accounts to inquire, but none of those accounts are online at publication.
This post will be updated if more information becomes available.