It has been reported that two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs. Daixin Team has taken credit for a September 1 assault on Texas-based OakBend Medical Center, causing a shutdown of the organization’s communication and IT systems as well as exfiltrating internal data. The criminals claim to have stolen more than a million records including names, dates of birth, Social Security numbers, and patient treatment information.
The full story can be found here: https://www.theregister.com/2022/09/14/ransomware_medical_groups/
Medical information is among our most sensitive data. We all have a distinct right to data privacy and expect that our healthcare providers are doing everything they can to fulfill on that right. So when ransomware attacks hit healthcare institutions—as it has Texas-based OakBend Medical Center— all organizations that gather data should take a pause and consider the implications of their cybersecurity strategy.
The best way to prevent the pain suffered by both victims, the enterprise and the individual, is to safeguard sensitive records such as medical information through a data-centric approach to data protection. Data-centric methods such as tokenization replace sensitive data elements with innocuous tokens that maintain the analytic value of the data while obscuring the actual sensitive information itself. With data-centric security, organizations can ensure that even if thei valuable data is accessed, read or exfiltrated, it is useless to the attacker.
If Daixin’s claim is true, this will make the breach on OakBend Medical Center the biggest US healthcare ransomware attack (by records affected) for 2022 so far, according to Comparitech’s US ransomware tracker of publicly confirmed ransomware attacks. It would also be the 9th largest since our reporting began at the beginning of 2018. And based on our worldwide tracker, it would also be the biggest global healthcare ransomware data breach for 2022.