A group of cybercriminals is threatening to expose information it stole from more than one million records at a Texas-based hospital.
Daixin Team warned that it would initiate a “full leak” of the data it extracted in a September 1 attack on OakBend Medical Center, an attack that the provider said led it to temporarily shut down its communication and IT systems.
The group claims that the data includes names, dates of birth, social security numbers and patient treatment information, and that it has already shared employees’ personal information as a download, most likely to prove that it siphoned the data and to pressure OakBend into giving in to its ransom demands, according to The Register.
The ransom amount the group requested was not disclosed. It also has not been made clear if the information compromised belongs to one million patients or is one million pieces of sensitive medical and personal information.
"At no time was patient safety ever in jeopardy," said OakBend in a statement about the attack.
OakBend operates three hospitals in Texas. Upon learning about the attack, it took its infected systems offline and “immediately” called in the FBI and local government cybersecurity officials to investigate, as well as experts from Microsoft, Dell and Malware Protects.
The hospital’s IT team and CFO secured all patient-centric systems. In an update, the company says its telephone system has been partially restored, but that voicemail is still unavailable. Its email service is also working, and it will continue to provide updates.
At least 13 U.S. providers, with 59 hospitals among them, have been the victims of ransomware attacks in 2022, according to security management company Emsisoft.
A week after the incident at OakBend, Medical Associates of the Lehigh Valley, in Pennsylvania, revealed that it had been hit by a ransomware attack back in July that breached its network security and gave hackers access to 75,628 individuals' names, addresses, social security numbers and medical records.
Like OakBend, it also worked with third-party experts and reported the attack to federal authorities. "At this time, MATLV is not aware of any evidence to suggest that any information has been fraudulently misused. However, MATLV was unable to rule out the possibility that the information may have been accessed during the attack," said the provider in a notice to patients.
Neither organization responded to The Register’s request for comments.