New Group of Cybercriminals Seeks Credit for Massive Data Breach at Fitzgibbon Hospital | Console and Associates, PC
Recently, Fitzgibbon Hospital appears to have been the victim of a ransomware attack carried out by a previously unknown group of cybercriminals calling themselves “Team DAIXIN”. Although Fitzgibbon Hospital has yet to confirm the attack, the DAIXIN team claimed responsibility for the attack by sharing a link to a dark website with all the stolen data. Based on a preliminary review, it appears that the compromised data includes patient names, birth dates, medical record numbers, patient account numbers, social security numbers, and medical and health information. treatment.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from fraud or identity theft and what legal options are available to you following the Fitzgibbon Hospital data breach, please see our recent article on the subject. here.
What we know about the Fitzgibbon Hospital data breach
News of the Fitzgibbons Hospital breach is very recent and the hospital has yet to issue any public statement regarding the incident. That said, all information about the breach comes from the attackers themselves, who contacted HIPAA Journal to take credit for the attack. The hackers also provided a link to a dark website where they posted the stolen data.
Based on available information, the stolen data includes database tables from the MEDITECH database as well as sensitive documents containing stolen patient data from internal servers. Although the information disclosed will vary depending on the individual, it may include patient names, dates of birth, medical record numbers, patient account numbers, social security numbers, and medical and treatment information. .
There is also evidence that some employee data at Fitzgibbon Hospital has been compromised, including their salary information. The hacked data also included information about the hospital’s data security system, including the results of previous internal audits the hospital had conducted to identify vulnerabilities that needed to be patched.
A representative from Fitzgibbon Hospital spoke with the hackers to discuss paying the demanded ransom. However, it does not appear that a ransom was paid.
Fitzgibbon Hospital is a non-profit community hospital based in Marshall, Missouri. Fitzgibbon Hospital operates nine clinics in the area, including Marshall Family Practice, Mid-Missouri Family Health at Fitzgibbon, Marshall Orthopedic & Sports Medicine, Akeman-McBurney Medical Clinic, Slater, Fitzgibbon Family Health, Fayette, Grand River Medical Clinic, Brunswick , Fitzgibbon Chiropractic, Fitzgibbon Mental Health, Marshall Surgical Associates, Pilot Grove Medical Clinic in Fitzgibbon. Fitzgibbon Hospital employs more than 679 people and generates approximately $54 million in annual revenue.
What are ransomware attacks?
Although Fitzgibbons Hospital has yet to publicly reveal that it was the victim of a ransomware attack, this information has been confirmed by the threat group that orchestrated the attack. So far in 2022, ransomware attacks have been the weapon of choice for many cybercriminals looking to extort large sums of money from businesses. According to the Identity Theft Resource Center (“ITRC”), the number of ransomware attacks more than doubled between 2020 and 2021, from 158 to 321. Each of these attacks affects thousands of individuals on average.
Given the frequency and risk of ransomware attacks, it is important for consumers to understand what they are, how they can be avoided, and what can be done after them to reduce the worst consequences, including theft. identity and other fraud.
Ransomware attacks have been around for decades. However, the way cybercriminals carry out these attacks is changing over time. Historically, a traditional ransomware attack involved hackers installing malware on a victim’s device or computer network. This malicious software, or malicious software as it is often called, encrypts some or all of the data on the victim’s device or computer network and blocks the victim from accessing the network. When the victim tries to log in, they see a message from the hackers demanding that they pay a ransom if they want to regain access to their computer.
Although any ransomware attack is a nuisance, the recent trend in recent years is that hackers threaten to publish the data they have obtained from the victim, usually on the dark web, if the ransom is not paid. This certainly adds to a company’s fear because once information is published on the dark web, it is accessible to millions of people, most of whom have less than honest intentions. Some hackers sell consumer data on the dark web, while others release it for free. In both cases, a victim’s sensitive information must be seized.
It is imperative that those affected by the Fitzgibbons Hospital data breach take the necessary steps to protect themselves. Data breach attorneys are currently investigating Fitzgibbons’ breach and, depending on the outcome of that investigation, victims may be able to bring a class action lawsuit against the company. Data breach victims who have questions about what to do after a ransomware attack or their legal options should contact a data breach attorney for assistance.