A nightmare in Texas is unfolding after a ransomware group threatened to publish protected health information (PHI) on the dark web. McKinney Methodist Hospital (MMH) in the Dallas metro area, and two affiliated surgical centers were targets of a cyber attack by a notorious group of Russian hackers in early July.
MMH published a notice about the cybersecurity incident on its website on July 29. The notice confirmed that names, addresses, Social Security numbers, dates of birth, medical history information, medical diagnosis information, treatment information, medical record numbers and health insurance information were present in the system at the time of the breach. The website notice was updated August 3.
“On July 5, 2022, we became aware of unusual activity on certain systems… To date the investigation confirmed that an unauthorized actor accessed certain systems containing MMH, MASC (Methodist Allen Surgical Center) and Methodist Craig Ranch Surgical Center (MCRSC) data between May 20, 2022, and July 7, 2022, and copied certain files.”
About two weeks later, on August 16, the Karakurt ransomware group added MMH to their dark web leak site, with the implied threat that they would publish or sell the data. Karakurt claims to have 367 GB of “accounting reports, executive and financial documents and much more” from MMH.
Beware the Karakurt Ransomware Group
The unscrupulous Karakurt group is one the biggest recent threats to healthcare data security.
Yesterday the HHS Health Sector Cybersecurity Coordination Center (HC3) alerted the healthcare sector to the rising prominence of Karakurt. The group has claimed responsibility for at least four cyberattacks against healthcare organizations in the U.S. The attacks have affected a dental firm, an assisted living facility, a provider, and a hospital. HC3 is warning the healthcare sector to stay on high alert and look out for any indicators of compromise.
Karakurt uses hardball tactics, including threats and harassment of employees and customers of their targets. The HC3 alert explains:
“Karakurt victims have reported extensive harassment campaigns by Karakurt actors in which employees, business partners, and clients receive numerous emails and phone calls warning the recipients to encourage the victims to negotiate with the actors to prevent the dissemination of victim data.”
Defend Against Cyber Attacks with HIPAA Risk Management
If you carefully follow HIPAA, conduct a risk analysis every year, and don’t take shortcuts, you can defend against the most common techniques used by ransomware cyber criminals. Each of the mitigation steps listed in the HC3 alert is covered in the Security Rule Checklist of The HIPAA E-Tool®.
An excerpt of the mitigation steps HC3 recommends are to:
- Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location.
- Regularly back up data and password protect backup copies offline.
- Install and regularly update antivirus software on all hosts and enable real time detection.
- Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.
- Enforce multi-factor authentication.
- Strengthen and enforce password policies.
For the full list, read the alert here.
You do not have to fall victim to the ransomware nightmare. Learn more about strengthening your defenses with easy to follow HIPAA rules that safeguard patient data.