Ransomware gang Qilin has recently made headlines by claiming to have in its possession a substantial amount of data stolen from a Texas pediatric orthopedic practice. The group reportedly posted 42 gigabytes of this stolen data for sale on its dark web leak site back in February. As a result, Central Texas Pediatric Orthopedics has begun the process of notifying over 140,000 individuals that their personal information may have been compromised in the hack.
According to reports, federal regulators were notified of the hacking incident on April 4, and the incident involved the practice’s network server. Initially, a breach report filed on March 6 with the Texas attorney general indicated that the incident impacted 90,000 Texas residents. However, the practice has since informed Maine’s attorney general that a total of 140,121 individuals were affected, including nine residents of Maine.
The data that was compromised in the incident includes a range of sensitive information such as names, government-issued ID numbers (including passports and state ID cards), medical records, health insurance details, and dates of birth. The breach notice filed with the Texas attorney general revealed that the cybercriminal group Qilin listed over 3,000 files totaling 42 gigabytes of stolen data on its dark web page, with at least six passport images among the leaked information.
A sample breach notice provided to Maine’s attorney general outlined that the security incident was first detected on Jan. 25, with unauthorized access to certain systems occurring between Jan. 23 and Jan. 26. While the investigation carried out by Central Texas Pediatric Orthopedics did not uncover any evidence of misuse of personal or protected health information, it did reveal that the stolen data may have included minors’ names, dates of birth, and X-ray images.
In response to the breach, the practice reported the incident to the FBI and has taken steps to bolster its data security measures. These efforts include implementing additional endpoint detection and response software, resetting all passwords, and rebuilding affected servers. Central Texas Pediatric Orthopedics also expressed its commitment to continuously reviewing and enhancing its existing policies and procedures to defend against evolving cyber threats.
Despite these proactive measures, questions remain unanswered regarding Qilin’s claims on the dark web and whether any ransom was paid by the practice. Dark web monitoring site DarkFeed.io has noted a total of 386 attacks attributed to the Qilin gang as of the latest count.
The potential risks posed to patients, particularly pediatric patients, by cyberattacks targeting healthcare providers have raised concerns among experts. Given the lucrative nature of healthcare records on the black market, children’s data is considered particularly valuable due to their clean credit histories. The prospect of stolen records being misused for fraudulent activities underscores the urgent need for robust cybersecurity measures in the healthcare sector.
As investigations into the Central Texas Pediatric Orthopedics incident continue, national class action law firms have initiated inquiries into possible litigation in response to the breach. This incident is a stark reminder that no organization, regardless of size or reputation, is immune to the growing threat of cyberattacks. With the escalating sophistication of cybercriminals, healthcare providers must prioritize cybersecurity measures to safeguard sensitive patient information and prevent future breaches.
While the challenges posed by cyber threats are daunting, experts emphasize the importance of proactive measures to mitigate the risk of falling victim to malicious attacks. The critical need for strong deterrence measures from the government and a comprehensive review of legislation to address cybersecurity gaps in the healthcare sector cannot be overstated. Until decisive action is taken to bolster defenses against cyber threats, the specter of data theft and subsequent litigation will continue to haunt the healthcare industry.