Ransomware Group Have Threatened To Leak Over 1m Medical Records

Following news that the Daixin Team ransomware group has threatened to leak over 1 million medical records (https://www.theregister.com/2022/09/14/ransomware_medical_groups/), cyber security experts reacted below.

Subscribe
Notify of
guest
2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Chris Clements
Chris Clements , VP
InfoSec Expert
September 15, 2022 12:55 pm

Any sort of fantasy of honorable thieves in cybercrime should be long dead by now. Even if one or two of the most notorious ransomware gangs pinky promise not to attack critical infrastructure like healthcare, the low barrier to entry and potential high payouts from successful extortion ensure that there will always be even less scrupulous players to take their place. It’s been my experience that all but the largest healthcare institutions struggle with resources and talent to execute successful cybersecurity programs. We really have a scale problem with the current approaches to cybersecurity. If current approaches to staying protected requires investing in a dedicated team and exorbitantly expensive products, it’s no surprise that only the largest of companies can absorb those costs. The good news is that there are other far more effective strategies available to nearly everyone looking to improve their cybersecurity readiness, starting with adopting a strong culture of cybersecurity with focus on the fundamentals. Effective system hardening and attack surface reduction is often simply a matter of configuration settings, many that have best practices already freely documented in standards like NIST and CIS benchmarks. The key is in execution. Though there are many cheap or free resources for cybersecurity defense, implementation is not always easy. By staking cybersecurity on a cultural foundation, organizations can ensure that the hard work of implementation is prioritized as part and parcel of their mission.

Last edited 2 months ago by Chris Clements
Victor.acin
Victor.acin , Labs Manager
InfoSec Expert
September 15, 2022 12:54 pm

The sector is not necessarily being targeted on purpose. Most threat actors are opportunistic predators, and so will always try to find the weakest prey to attack with the highest likelihood of pay-out. As many healthcare centres have not prioritized their investment in IT security, the combination of poor security hygiene and access to sensible patient information makes them an attractive target for cybercriminals. It’s just a number’s game.

Last edited 2 months ago by victor.acin
2
0
Would love your thoughts, please comment.x
()
x