Hackers post detailed patient medical records from two hospitals to the dark web – NBC News
Hackers have published extensive patient information from two U.S. hospital chains in an apparent attempt to extort them for money.
The files, which number in at least the tens of thousands and were posted to a blog on the dark web that the hackers use to name and extort their victims, includes patients’ personal identifying information, like their names, addresses and birthdays, as well as their medical diagnoses. They come from the Leon Medical Centers, which serves eight locations in Miami, and Nocona General Hospital, which has three locations in Texas.
The files also include at least tens of thousands of scanned diagnostic results and letters to insurers. One folder contains background checks on hospital employees. An Excel document titled 2018_colonoscopies has 102 full names, dates and details of the procedures, and a field to mark “yes” or “no” to whether the patient has a “normal colon.”
The hacker group that posted the files is well known to cybersecurity researchers. They typically first encrypt their victims’ files and demand payment, and it’s rare for them to publicly release such files first. But at least with Nocona, that appears to be what happened. The motive for the release of the files is unclear.
The leak highlights how hackers have in recent years steadily targeted American hospitals, small businesses, schools and government computers, often infecting them with ransomware,which is malicious software that locks up computers, rendering them inoperable. Hackers then demand payment, usually in bitcoin, to unlock the