After intruders broke into Seattle’s Fred Hutchinson Cancer Center’s IT network in November and stole medical records – everything from Social Security numbers to diagnoses and lab results – miscreants threatened to turn on the patients themselves directly.
The idea being, it seems, that those patients and the media coverage from any swatting will put pressure on the US hospital to pay up and end the extortion. Other crews do similar when attacking IT service provider: they don’t just extort the suppliers, they also threaten or further extort customers of those providers.
[…]
The cancer center, which operates more than 10 clinics in Washington’s Puget Sound region, declined to answer additional comments about the threats.
Another health network in Oklahoma — Integris Health, which operates a network of 15 hospitals and 43 clinics — last month notified patients about a similar “cyber event” in which criminals may have accessed personal data. Shortly after, some of these patients reported receiving emails from miscreants threatening to sell their information on the dark web.
[…]
Sam Rubin, VP of Unit 42 Consulting at Palo Alto Networks, told The Register his team hadn’t seen any swatting attempts by extortion crews in 2023, though the shift in tactics seems likely.
“But I’m not surprised at all,” he added, about the reports of Seattle cancer patients potentially receiving these types of threats.
“If you look over the past couple of years, we’ve seen this continuing evolution of escalating extortion tactics,” Rubin said. “If you go back in time, it was just encryption.”
Over the past year, Unit 42 has seen cybercriminals send threatening texts to the spouse of a CEO whose organization was being extorted, Rubin added, again piling on the pressure for payment. The consulting and incident response unit has also witnessed miscreants sending flowers to a victim company’s executive team, and issuing ransom demands via printers connected to the affected firm’s network.
“We had another one where the victim organization decided not to pay, but then the ransomware actors went on to harass customers of that organization,”
[…]
Meanwhile, ransomware attacks against critical infrastructure including hospitals become more frequent. Emsisoft reported 46 infections against US hospitals networks last year alone, up from 25 in 2022. In total, at least 141 hospitals were infected, and at least 32 of the 46 networks had data — including protected health information — stolen.
It’s bad enough that these attacks have diverted ambulances and postponed critical care for patients, and now the criminals are inflicting even more pain on people. Last year this included leaking breast cancer patients’ nudes. Swatting seems to be the next, albeit abhorrent, step.
Source: Swatting: The new normal in ransomware extortion tactics • The Register
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft