Another Healthcare Giant Grupo Fleury Suffers Ransomware Attack

It has been reported that Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware attack that has disrupted business operations after the company took its systems offline. Grupo Fleury is the largest medical diagnostics company in Brazil, with over 200 service centers and more than 10,000 employees. The company performs approximately 75 million clinical exams in a year. Starting yesterday, the Fleury website began displaying an alert warning that they suffered an attack and that systems are no longer accessible.

Experts Comments

June 30, 2021
Sean Tickle
Head of CyberGuard
CyberGuard Technologies

Healthcare organisations are under increasing attack from ransomware groups as healthcare data is a valuable commodity on the Dark Web. Unfortunately, healthcare organisations are a popular target for hackers as them having the right patient care information available is a matter of life and death, so they are more likely to pay the ransom demand. 

Whether the ransom is paid or not, the current generation of ransomware steals the targeted healthcare and patient information before applying encryption to the target’s data systems. This means that a successful ransomware attack gives hackers access to large amounts of highly valuable healthcare and patient data, which they can then sell on the dark web.

For attackers this is a win-win scenario; they either succeed in getting a lucrative ransom payday or they end up with a valuable resource to sell on the dark web – if not both.

Too often healthcare organisations have old, outdated or limited security resources, which only gives hackers a clear entry point for attacks.

June 28, 2021
George Paparmagaritis
MSS Operations Director
Obrela Security Industries

Throughout the pandemic, we have seen cybercriminals prey on the most vulnerable of organisations in a bid to extort and exploit them, with healthcare facilities being no exception. All healthcare organisations have been a prime target for criminal groups as they hold a multitude of sensitive and highly valuable data such as patients' names, dates of birth, and home addresses. Once a healthcare organisation is breached, a ransomware group is then able to access the organisation’s data and threaten to leak it if a ransom is not paid.

Although this has not been confirmed as a ransomware attack, sources have suggested it most likely is. If this is the case the organisation should enlist the help of experts who can advise on the best action to take, which will largely depend on the data that has been stolen and the ransom demanded. Preparation is key when trying to limit the damages of ransomware attacks. Having a strong resilience plan in place is one of the best ways to prepare for attacks. This allows organisations to rehearse their mitigation efforts and know exactly how to respond when they get attacked and the amount of loss they are likely to face – leaving no unwanted surprises.

June 28, 2021
Camille Charaudeau
VP Product Strategy
CybelAngel

Cyberattacks that disable medical facilities and weaponize stolen medical records are unconscionable when the uptime of every care facility and accuracy of every health record determines whether lives are saved and impacted. The sheer volume of attacks can often feel overwhelming and monetary gain is at the core of most attacks – through ransom demands, or by selling stolen data on illicit platforms.  

Going forward, this type of breach is likely something we are going to see more of and need to better prepare for, especially as some groups have been known to also publicly shame specific individuals involved. We are now moving towards blackmail that goes beyond victimising companies but also individuals and human beings, which will have resounding effects. As always, continuous web scanning is essential to quickly identify and plug data leaks to minimize operational downtimes and ultimately save lives.

June 28, 2021
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin

Ransomware will remain a global cyber security threat during 2021 and the associated risk of this threat materializing will be more prevalent for certain industries particularly in healthcare.

Cybercrime is a business so all should think of it the same way. Out of all the various types of cyber crime activities, ransomware is the one activity that has a high direct return of investment associated with it, by holding the victims ransom for financial payment. Taking the global economic environment and current market conditions into consideration, cyber criminals will of course continue to focus their efforts on this revenue-generating stream. During 2021 we are likely to see cyber criminal individuals and groups partner together to try to maximize their return of investment with their attacks. This could be targeting high-value individuals and/or large enterprise organizations.

I also envision we will see an increase in insider threat being used as a support vehicle to execute ransomware attacks. The most obvious vehicle to play out this attack is via an employee clicking on phishing links. Forrester predicts that employees will be responsible for 33% of breaches in 2021. A comprehensive security program incorporates the measurement and management of accidental behavior activity to constant risky behavior and/or activities.

Remember that your employees are your most valuable assets, both from a security threat awareness perspective and also to provide valuable insights into the pulse and culture of the organization, so it's important to keep a close eye on the ground. The key message here is no one or industry is exempt from the ransomware threat and it requires constant focus, assessment and review to ensure you and your critical information assets remain safeguarded and protected against it.

June 28, 2021
Andy Norton
European Cyber Risk Officer
Armis

The Healthcare industry and healthcare supply chain are both one of the top three targeted sectors worldwide. Additionally, REvil are launching a lot of attacks at the moment, having hit a maritime organisation in Brazil earlier this month.

At the moment it looks like REvil are only accepting payment in Monero coin (XMR), which is a fully fungible currency; this may be a reaction to the confiscation of the DarkSide Bitcoin wallets in May. With a revenue of $500 million USD, the victim would also classify as "big game", and therefore considered more likely to make a ransom payment.

June 28, 2021
Robert Golladay
EMEA and APAC Director
Illusive

The fact that a ransomware gang has gained access to such sensitive information is certainly concerning. It is not clear yet whether this attack involved the exfiltration of personal data, but it is safe to assume that the privacy of patients’ data has been compromised. For this reason, Fleury is advised to take all the necessary steps to alert potentially affected parties and to provide advice on how to best prepare for socially engineered scams, which are often attempted after personally identifiable information falls into the wrong hands. Hopefully they have backups to restore systems and data.

Organisations such as Fleury have a target on their backs because of the value that medical data has for cybercriminals, and should definitely think about taking an active security stance. The sophistication of the tools used by threat actors makes it very hard to spot an attack by passively monitoring endpoints.

Attacks are coming from multiple attack vectors, and (in some cases) are polymorphic in nature. Government-grade level tools (i.e. nation-state) are in the public domain. So, blackmail and ransomware are an unfortunate reality. Companies and supply chains can be destroyed (large scale attacks can happen). It’s estimated that only 3% of companies in the world are protected with an Active Defence, one that puts them on the offensive as opposed to the defensive.

Bottom line? Today’s threats make it essential to look for bad actors that might already be within the network, and this can be done by creating a hostile environment for an attacker and blocking lateral movement before critical systems are compromised.
