Hospital Hack Exposes Healthcare Facilities To Dark Web Threats

A cybercrime gang known as Conti, famous for ransomware attacks, recently reported a leak of sensitive employee records and patient data on a darknet website. This occurred after hackers attacked two Florida and Texas healthcare organizations. It began with dark web threats.

Reports by NBC News show the files posted to a dark web blog originated from Texas-based Nocona General Hospital and Miami’s Leon Medical Centers. An NBC source who saw the data dumps stored on the Conti websites, reported that they contained tens of thousands of records from individuals from the above centers.

This revelation brings corporate cybersecurity into sharp focus, specifically concerning targeted attacks like phishing.
Here, we dissect the hacks and establish the timelines and reactions from respective organizations. Furthermore, we will share how your business can avoid dark web threats.

What Is The Dark Web?

The dark web is an extensive network of websites, inaccessible through typical search engines. Dark web websites use encryption to obscure their locations.

Additionally, cybercriminals have dedicated a significant amount of websites on the dark web to stolen personal and financial information trade. If any of your information winds up on a shady website — possibly after a data breach — one of the many identity thieves on the internet could access it.

A cybercriminal could then use your personal information to do anything. This could include buying cell phones or computers, opening a new credit card, or using your social security number to transfer money out of your bank account.

However, it is crucial to differentiate the dark web from the deep web. The deep web is a highly secure network inaccessible to traditional search engines. Financial institutions and governments use the deep web to transmit and store details and host services. This includes health insurance portals, private company databases, or banking account details that require you to enter secure credentials.

What Data Appears In A Dark Web Hack?

The dark web is a playground for people looking to buy and sell personally identifying information. This includes:

● Credit card numbers.
● Debit card account numbers.
● Logins for payment services like PayPal.
● Driver’s licenses.
● SSNs.
● Passport numbers.
● Medical records.
● Fake diplomas.
● Logins for subscription apps like Netflix and Blue Apron.
● Phone numbers.

The Leon Medical Center Incident

On January 8, Leon Medical Centers alerted federal regulators to a hack that affected 500 individuals, recorded by the HIPAA Breach Reporting Tool for the Department of Health and Human Services.

Within the breach notification report, Leon Medical Centers indicated that on January 8, they were still trying to identify impacted individuals and prepare notification letters.

Additionally, the Miami-based healthcare organization added that on November 8, 2020, its staff noticed that the center was the target of online attacks and that malware corrupted significant portions of its network. Notably, the initial report did not indicate there was ransomware involved in the incident.

Worryingly, the Leon Medical Centers hack exposed various information on the facility’s patients, including names, contacts, Social Security Numbers, family information, dates of birth, Medicaid numbers, clinical information, and financial records.

Nocona General Hospital Breach

Unlike the Leon Medical Centers, Nocona General Hospital did not file a breach notification. What’s more, the hospital did not issue any report on the HHS OCR’s HIPAA breach report website.

According to news reports, a Nocona attorney said the healthcare organization did not appear to be a victim of a ransomware attack. None of its systems seemed to have experienced any decryption.

Cryptically, the hospital’s attorney said that though he could not confirm with “absolute certainty” that Nocona hospital did not get a ransom demand, the hospital definitely “did not open one.”

How BC Networks’ Dark Web Scanning Works

Do you want to know if your information is on sale on the dark web? BC Networks can carry out a dark web scan. A dark web scan is a check of popular marketplaces in this “hidden” part of the internet. And, it can alert you if your information shows up.

A dark web scan is essential for your company. The sooner you catch any details or credentials made public, the faster you can work to secure your network systems and IT assets.

What To Do When Your Information Appears On A Dark Web Scan

The leaks above highlight just how far hackers have come to target small and mid-sized businesses, hospitals, and government systems. Attacks often result in infections of the affected systems with ransomware. Furthermore, ransomware is malicious software designed to lock up computers and render them unusable until you pay a “ransom.”

However, there are specific steps you can take to avoid falling prey to ransomware attacks. If you discover that your credentials are on the dark web:

● Change all your passwords.
● Notify your bank.
● Examine your credit card statements.
● Ask for a credit report.
● Freeze credit lines.

Comprehensive Security Is Vital For Growing Businesses

Your business cannot afford to lose critical data. Whether the loss comes down to malware, a phishing attack, or a vulnerable system, there is little you can do once hackers steal your data and information. If cybercriminals steal your customer data, emails, financial records, or business applications, you will inevitably lose money, valuable time, and possibly, customers.

BC Networks offers your company our Optimum + CyberSecurity service. Our team will respond as soon as your IT security is under threat.

BC Networks Helps You Protect Your Company From Dark Web Threats

If any of the hacked organizations had taken preventive measures, they would be much safer today. Let BC Networks help you avoid deep web hacks by carrying out a scan and informing your staff on how to avoid scams. Contact us for more information and secure your clients and business data.