Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

ck4829

(35,844 posts)
Mon Dec 12, 2022, 07:42 AM Dec 2022

Royal Ransomware Threat Takes Aim at U.S. Healthcare System

The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country.

"While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity Coordination Center (HC3) said [PDF].

"The group does claim to steal data for double-extortion attacks, where they will also exfiltrate sensitive data."

The agency further noted that Royal ransomware attacks on healthcare have primarily focused on organizations in the U.S., with payment demands ranging from $250,000 to $2 million.

https://thehackernews.com/2022/12/royal-ransomware-threat-takes-aim-at-us.html

Maybe stop putting patient financial data in the US healthcare system? Instead of lots and lots of payers, maybe just, I dunno, a single payer?

6 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Royal Ransomware Threat Takes Aim at U.S. Healthcare System (Original Post) ck4829 Dec 2022 OP
What you said. Yes. CurtEastPoint Dec 2022 #1
Has nothing to do with putting patient's financial data in the systems. gab13by13 Dec 2022 #2
That's funny, because here's another one, and that's exactly what happened ck4829 Dec 2022 #3
Of course, I am not naive, gab13by13 Dec 2022 #5
Russia.............. alittlelark Dec 2022 #4
The problem as I see it is data hoarding Turbineguy Dec 2022 #6

gab13by13

(24,931 posts)
2. Has nothing to do with putting patient's financial data in the systems.
Mon Dec 12, 2022, 08:55 AM
Dec 2022

Mt daughter's medical device corporation was hit 6 months ago. it's about the hackers getting access to passwords and the rest. The hackers leave the companies they hack little choice but to pay the ransom. A 2 million demand is low ball.

ck4829

(35,844 posts)
3. That's funny, because here's another one, and that's exactly what happened
Mon Dec 12, 2022, 09:07 AM
Dec 2022

Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that private data – including names, addresses, social security numbers, and health records – for more than 1.9 million people was exposed during a ransomware infection.

In a notice posted on its website, PFC said it "detected and stopped a sophisticated ransomware attack" on February 26 this year, during which criminals accessed files containing data from more than 650 healthcare providers. The company said it notified the affected medical centers around May 5, and is mailing letters to individuals whose data may have been stolen during the intrusion.

According to the US Department of Health and Human Services, more than 1.9 million individuals were affected in the security breach, which could make it one of — if not the — biggest American medical info data breaches of the year.

For comparison: in a 2019 breach of American Medical Collection Agency, which provided similar debt collection services to PFC, crooks stole more than 20 million patient records including several hundred thousand payment card details. Shortly after, the agency declared bankruptcy.

https://www.theregister.com/2022/07/13/19m_patients_medical_data_exposed/

How did this happen? How was patient data stolen to this degree?

Patient data is not safe in hospitals.

gab13by13

(24,931 posts)
5. Of course, I am not naive,
Mon Dec 12, 2022, 09:41 AM
Dec 2022

having access to patient's private data makes it way worse, but my point is it doesn't matter, my daughter's company was forced to pay the ransom because the hackers have access to the system whether that system contains private data or not. What is worse is that companies getting hacked do not want it publicized.

Turbineguy

(38,331 posts)
6. The problem as I see it is data hoarding
Mon Dec 12, 2022, 10:26 AM
Dec 2022

as practiced by many companies.

Once your data is in, you are never erased. Even though you have not been a customer for a decade.

Latest Discussions»Issue Forums»Single Payer Health Systems»Royal Ransomware Threat T...