Data breaches in healthcare settings

Main article: Data breaches

2024

The data of hundreds of thousands of users of the Maksavit online pharmacy was leaked

On October 11, 2024, it became known that cybercriminals had penetrated the IT infrastructure of the Maksavit Internet pharmacy. There was a leak of personal data of hundreds of thousands of users. Read more here

Data of millions of users of the Russian Internet pharmacy "PharmaciesPlus" was leaked

On August 22, 2024, it became known that cybercriminals stole information from the database of a Russian Internet pharmacy aptekiplus.ru. The attackers had personal information about millions of customers at their disposal. Read more here.

2.7 TB of data from American patients was posted on the Internet. Now they are being lured out of money

In early September 2024, it became known that almost 2.7 TB of confidential data of Americans were in the public domain for an unknown time. Having received a security notice, the owner of the database removed it from public access, but before that any hacker could use this data for targeted phishing and fraud. Read more here

400GB of data from London patients were in the public domain because hospitals did not want to pay the ransom

On June 21, 2024, the National Cybersecurity Center of Britain (NCSC), part of the Government Communications Center (GCHQ), reported that hackers had posted personal data of London patients on the Internet. As a result of the ransomware attack, approximately 400 GB of information was stolen. Read more here

Hacking drug prescription management company leaks data of 2.8 million Americans

At the end of May 2024, the American drug prescription company Sav-Rx reported a data breach of more than 2.8 million customers, which occurred in October 2023. Read more here.

2023

The data of hundreds of thousands of clients of the network of medical laboratories "LabQuest" was leaked

On December 15, 2023, it became known that unknown cybercriminals hacked the information infrastructure of the LabQuest network of medical laboratories. At the disposal of the attackers were personal data on hundreds of thousands of customers of the company. Read more here.

Error in Excel spreadsheets led to data leakage of pregnant women and cancer patients

hospitals Cambridge University - The University of Cambridge More than 22,000 patients were victims that occurred data breaches between 2020 and 2021. In both cases, the organization itself referred, data responding to requests made under information the Freedom of Information Act (FOIA) of 2000. Confidential information remained visible in spreadsheet summary tables. Excel This became known on December 8, 2023. More. here

Fresenius Medical Care stolen data of 0.5 million patients and employees as a result of a cyber attack

On December 6, 2023, the German company Fresenius Medical Care, one of the largest suppliers of products and services for patients with chronic kidney failure, reported a hacker invasion. The attackers managed to steal personal information about about 500 thousand patients and employees. Read more here.

Henry Schein, one of the world's largest providers of medical devices, shut down its services around the world for a month due to a powerful cyber attack

On October 15, 2023, Henry Schein, one of the world's largest suppliers of medical devices, reported a wave of powerful cyber attacks. Due to the hacker invasion, it was necessary to disable IT services around the world for about a month, and the attackers had a large amount of confidential information at their disposal. Read more here.

The database of patients of the Russian Railways-Medicine clinic got into open access

At the end of October 2023, it became known about the leakage of data from one of the clinics of the Russian Railways-Medicine network. We are talking about a medical institution in Vladivostok, according to the Telegram channel "Information Leaks." Read more here.

Hacking of genetic service 23andMe: Complete DNA information of millions of users is on sale

On October 6, 2023, 23andMe reported a cyber attack in which attackers were able to steal confidential information about a huge number of customers of this genetic platform. The stolen data is for sale on hacker forums. Read more here.

Johnson & Johnson's medical IT platform has been hacked by hackers. They accessed data from patients with serious medical conditions

On September 6, 2023, IBM announced that unknown attackers had gained unauthorized access to the Janssen CarePath database, a specialized patient support platform. Read more here.

The hole in the PO IBM caused one of the largest leaks of medical data of Americans

On August 11, 2023, the Colorado Department of Health Policy and Financing (HCPF) reported one of the largest leaks of American medical data. At the disposal of cybercriminals was confidential information about more than 4 million patients. Read more here.

The data of tens of thousands of customers of the KDL medlaboratory network was leaked

A file allegedly containing data from clients of the KDL clinical diagnostic laboratory network got into open access. This was announced at the end of July 2023 by the Telegram channel "Information Leaks." Read more here.

Data of millions of customers of the Helix medlaboratory network was leaked

On July 20, 2023, it became known about the leakage of data from millions of customers of the Helix network of medical laboratories. Roskomnadzor initiated the check. Read more here.

HCA Healthcare admitted to data breach of 11m patients and told how it happened

On July 10, 2023, one of the largest hospital networks in the United States, HCA Healthcare, reported a hacker invasion. As a result of the attack, the personal data of approximately 11 million patients was leaked. Read more here.

The largest leak in the history of the British Ministry of Health. 70 TB of HCP and patient data stolen

At the end of June 2023, the cybercriminal group BlackCat, also known as ALPHV, announced the hacking of Barts Health NHS Trust, a division of Britain's National Health System. The attackers stole a total of approximately 70 TB of confidential information. Read more here.

The data of hundreds of thousands of customers of the Vita pharmacy chain was leaked

In June 2023, it became known about the leakage of data from customers of the Vita pharmacy chain. Responsibility for this cyber attack was claimed by the pro-Ukrainian hacker group DumpForums. Read more here.

The biotech company Enzo Biochem stole data from clinical trials of 2.5 million people. It was attacked by a ransomware virus

On May 30, 2023, the American biotech company Enzo Biochem announced a hacker invasion that stole confidential information about 2.5 million patients. A preliminary investigation showed that the hack was carried out using a ransomware program. Read more here.

Hackers made public the data of 8.9 million patients of one of the largest dentistry network in the United States, which refused to pay a ransom of $10 million

On May 26, 2023, MCNA Dental (Managed Care of North America), one of the largest providers of dental and health insurance services in the United States, reported a hack of its information infrastructure. Cybercriminals stole data on approximately 8.9 million patients. Read more here.

How cybercriminals bypass antiviruses using Google services

On May 23, 2023, Point32Health, one of the largest insurance companies in the United States, reported cyber warfare, as a result of which attackers stole the medical data of millions of Americans. Read more here.

Leakage of hundreds of thousands of customers of the Citilab network of diagnostic laboratories

On May 22, 2023, it became known about the leakage of data from clients of the Citilab network of clinical diagnostic laboratories. She was told in the research company Data Leakage & Break Intelligence (DLBI), specializing in information leaks. Read more here.

Hackers posted on the Internet "classified" documents about the Russian vaccine Sputnik V

In mid-March 2023, it became known that cybercriminals posted hundreds of documents on the Internet related to the development and clinical trials of the Sputnik V vaccine for the prevention of coronavirus infection COVID-19. Read more here.

Ransomware hackers hacked into a network of clinics and began publishing photos of Americans with cancer in an attempt to get a ransom

In early March 2023, it became known that ransomware hackers from the Alphv group hacked into the Lehigh Valley Health Network and began publishing photos of Americans with cancer on the Internet in the hope of getting a ransom. Read more here.

One of the world's largest DNA testing companies will pay $400,000 for a data breach

At the end of February 2023, litigation between prosecutors from the states of Ohio and Pennsylvania and DNA Diagnostics Center, which provides DNA testing services, ended in the United States. The latter will have to pay a large fine. Read more here.

3.3 million people affected by ransomware attack on Regal Medical Group

On February 14, 2023, it became known that a ransomware attack on Regal Medical Group, a California health care provider, stole the personal and protected medical information of more than 3.3 million people. Read more here.

Data of millions of customers of Zdravsiti pharmacy was leaked

On February 2, 2023, it became known about the leakage of data from users of the Zdravsiti Internet pharmacy. According to the Telegram channel "Information Leaks," the database put up for sale on the shadow forum contains more than 8.9 million unique phone numbers and almost 3.4 million unique email addresses. Read more here.

2022

Personal data and commercial information were most often leaked from medical organizations

With information leaks in 2022, 20% of organizations from the healthcare sector faced most often leaking data (45%) and commercial information (64%).

This was shown by the results of a survey conducted by the company SearchInform"" among INFORMATION SECURITY specialists and information security directors the Russian medical of organizations. The company announced this on February 16, 2023.

In addition, health facilities often recorded risky behavior (e.g., theft of medical equipment or dissemination of negative information) by employees (64%) and third-party staff employment (24%). Compared to 2021, the number of incidents when dismissed workers try to harm the organization has decreased. In 2022, 17% of respondents declared such cases against 34% in 2021.

Most often (81%) ordinary employees became violators, 35% of companies recognized the perpetrators of incidents - heads of directions and line managers. Compared to 2021, the proportion of violators among top managers increased in medical organizations - from 3% to 9%.

27% of organizations noted an increase in external incidents in 2022, 36% were unable to estimate this indicator. As for internal incidents due to the fault of employees, their number is gradually decreasing. In 2021, 19% of medical organizations recorded an increase in the number of incidents due to insiders, and 11% in 2022. The share of those companies that found it difficult to answer this question is still high. This may be due to an insufficient level of equipment with protective equipment and a lack of IB-personnel in organizations.

As for the damage from incidents, 31% of respondents noted that they assess it as a threat of disruption of business processes, only 14.5% consider the losses from the incident as the amount of the fine for it. 13% of respondents consider the monetary equivalent for critical types of information. More than half (56%) of medical organizations assess damage subjectively, this is due to the specifics of medical institutions and the fact that information security disorders can directly affect the health of patients. At risk may be not only personal data in which unscrupulous advertisers, insurers and sellers of dietary supplements are especially interested, but also medical equipment and IoT devices.

24% of respondents announced an increase in budgets for information security, while 65% of companies left funding for information security unchanged, 11% cut budgets.

The motives for the defense have also changed. In 2021, 75% of companies introduced protective software in order to avoid regulator sanctions, in 2022 there were fewer such companies - 62%. At the same time, 38% of companies called the main motivator for protecting the real needs of the organization in information security.

With the adoption of new regulations, the problem with IB-personnel became very acute in the country as a whole, but in the healthcare sector this complexity is "chronic." An information security specialist in a hospital is still a rarity, and the problem is unlikely to be solved quickly.

The reasons why medical data are increasingly in the public domain are poor technical equipment of protective solutions and a lack of IB-personnel. According to the results of the survey, it turned out that only 24% of organizations in 2022 had a dedicated information security unit and only 17% of organizations had already formed this department. But I am glad that the situation with information security in the healthcare sector, although not quickly, is changing. For example, in 2022, medical organizations most often allocated an additional budget for: extension of license keys (80%), purchase of new equipment and software (56%) and payment for technical support (42%), - commented Alexey Parfentiev, head of analytics at SearchInform.

The result of the survey showed that 80% of organizations train information security literacy employees, but more than half of them (70%) believe that employees should independently gain knowledge by reading job descriptions, another 39% of companies noted that they periodically make mailings describing new types of cyber threats. Only 2% of medical organizations conduct cyber training and 25% use free resources for training.

Over the year, the share of attacks on medical institutions was 9% among all organizations

Positive Technologies experts highlighted the main events in the field of cybersecurity for 2022 and gave a forecast of what threats should be expected in 2023. Representatives of Positive Technologies shared information about this on January 13, 2023. Experts' assessments are based on global data, the company's own expertise, the results of investigations, as well as on data from authoritative sources.

According to the company, medicine is the leader in data leaks. For the fifth year in a row, medical institutions have remained in the top three most attacked industries: in 2022, the share of attacks on them was 9% among all organizations, and the number of attacks is approximately at the level of 2021. Medical institutions most often became a source of data leaks among organizations. In more than 80% of cases, attacks led to leaks of customer data (mainly personal data and medical information). The systems of medical institutions contain large amounts of data, and usually criminals can receive a full name, date of birth, physical address, phone number, account details and card numbers, insurance information, driver's license number, email address, medical history, health data and other medical information. Read more here.

A hospital in California was attacked by hackers. Electronic medical records are disabled, doctors fill in everything manually

In mid-December 2022, information appeared that the San Gorgonio Memorial Hospital, a medical facility in California's Riverside County, was subjected to a hacker attack that leaked personal information], and computer systems had to be turned off. Read more here

More than 31 million patient records of clinics and laboratories stolen in Russia

In Russia, in the first nine months of 2022, more than 31 million patient records of clinics and laboratories were stolen, which is 775 times more than a year earlier. This is evidenced by data from InfoWatch (specializing in corporate solutions for protecting against information leaks), released at the end of November 2022.

According to these statistics, in January-September 2022, 8 medical organizations suffered from data leaks. The largest amount of lost data fell on Gemotest (30 million network customers were affected).

Separately, analysts note an increase in intentional data losses: the share of deliberately stolen databases containing information about Russian patients increased from 58.3 to 87.5%.

The share of incidents in the healthcare sector involving hackers has doubled compared to last year, follows from the InfoWatch report. Now it is 75%.

The founder of the service DLBI Ashot Hovhannisyan explains the increase in the volume of leaks in the healthcare sector with a general increase cyber attacks in the number after the outbreak of hostilities on, To Ukraine as well as with a "traditionally low" level cyber security in this sector. The Chief information officer of the medical company "" Invitro Vladimir Fedin agrees with the last thesis: according to him, the costs of should cyber security increase.

If private and state medical organizations do not abandon the model of allocating funds for cybersecurity "according to the residual principle," emphasizes Andrei Arsentiev, head of analytics and special projects at InfoWatch, the trend of growth in information leaks will continue.

Until negotiable or "reaching the Western level" fines are introduced, the business will not have an incentive to fully solve the problem of data leakage, said Igor Bederov, head of the Internet Search company.^[1]

AstraZeneca patient data leaked due to password accidentally forgotten on GitHub

On November 3, 2022, the pharmaceutical giant AstraZeneca called the "user error" the reason why a list of credentials left on the Internet for more than a year opened access to confidential patient data. Read more here.

Police arrest 19-year-old cybercriminal who hacked Dutch health services portal

The 19-year-old hacker was arrested in the west by Netherlands local police. He is suspected of hacking systems and stealing tens of thousands of documents from Carenzorgt.nl, the Dutch medical service portal. This became known on October 26, 2022. Carenzorgt is used by 9,023 health facilities and nearly half a million users. The portal allows patients to make appointments, communicate with the attending physician and store all of their own medical data in one place.

According to the company Nedap, which discovered the activities of a young cybercriminal, the stolen documents could contain the personal and medical data of patients of various institutions. However, it is not yet known whether the hacker shared the stolen or tried to sell everything as soon as possible to other hackers.

Police hit the trail of the attacker after receiving a message from Carenzorgt time and are currently examining evidence collected during the arrest at the suspect's home.

According to Nedap in its press release, she became aware of the vulnerability in Carenzorgt on October 17, 2022, after which the company's specialists immediately closed the security gap and investigated the possible consequences of its use. Thanks to this, they managed to find out that she had recently been used by a cybercriminal to steal documents stored from Carenzorgt.

The alarming find led Nedap to contact law enforcement and warn the security services of medical institutions using the hacked portal about the incident.

There is good news - the company's specialists have not yet found any evidence that the stolen documents were leaked to the network, but the investigation into this issue is still ongoing ^[2]

Colombia's pharmaceutical regulator shut down servers due to ransomware virus attack

On October 3, 2022, the Columbia National Institute for Food and Drug Surveillance (INVIMA) reported a massive cyber attack that disrupted the agency's information infrastructure. Read more here.

The hacker put up for sale the data of 48.5 million residents of Shanghai. They are stolen from the COVID application

On August 12, 2022, it became known that a database containing personal information of 48.5 million Shanghai citizens was put up for sale on the Internet. We are talking about Suishenma QR Code health passports. Read more here.

"Hemotest" was fined due to the leakage of customer data

At the end of July 2022, the World Judicial District of the Novogireevo District in Moscow fined Gemotest 60 thousand rubles for leaking personal data of patients. Read more here.

There was a leak of data from customers of the Gemotest network of medical laboratories

In early May 2022, it became known about the leakage of these customers of Gemotest. A large network of medical laboratories began checking. Read more here.

American Dental Association targeted by Black Basta ransomware

April 27, 2022 it became known what American Dental Association (ADA) was to cyber attack used. As a extortionate ON result of the incident, she had to disconnect part of her IT network, which disrupted the work of online services, phones, email and chat.

The leak site Black Basta has published 2.8 GB of information allegedly stolen from the ADA as a result of a cyber attack. Read more here.

The darknet sells a database of QR codes vaccinated from the Ministry of Digital Development application

At the end of January 2022, it became known that a database of 48 million COVID-19 coronavirus vaccination certificates appeared on sale. The seller of this file on the darknet asks for $100 thousand for it. Read more here.

2021

About a third of medical organizations around the world leak patient data during a telemedicine session

The vast majority of medical organizations providing telemedicine services use ancient equipment with outdated operating systems for this. According to Kaspersky Lab, this carries a direct risk of patient safety and personal data. This became known on December 30, 2021.

According to statistics from the Laboratory, ON about 73% of medical organizations operate outdated and iron. 32% of institutions admitted that in 2021 cyber security they faced various problems due to "holes" in the software they use. A third of them (33%) experienced experience, data breaches 32% collapsed -, another DDoSattacks 32% experienced the possibilities of modern ransomware.

There are many among medical institutions, and those who allowed the leakage of personal data of customers directly during the telemedicine session. According to Kaspersky Lab analysts, these have gained 30%.

The Laboratory compiled its statistics with the participation of specialists from the research company Arlington Research. The survey was attended by employees of medical organizations from, Europe,, and North America Russia countries CIS other regions in the world. In total, the study covered 389 institutions from 34 countries around the world. 170 companies have a staff of more than 1000 people, the remaining - from 50 to 999 people.

Representatives of medical organizations that confirmed the use of outdated software and operating systems expressed several reasons why companies have not yet decided on an update. The most popular of these is money. 73% of respondents said that the OS update is not carried out due to the high cost of switching to a more current version of it.

In second place (29% of survey participants) was the problem of compatibility of programs used in work with updated OS versions. For example, software written under Windows XP cannot always run correctly and work under Windows 11. Windows XP was released in November 2001, and its support was discontinued in April 2014.

17% of respondents said that in their organization simply no one knows how to upgrade the system. Another 18% cited other reasons.

Outdated operating systems that do not receive security updates are far from the only problem in medical institutions that increases the risk of leakage of personal data of patients. 29% of companies willingly share medical information with third parties or individuals for marketing or medical research. Moreover, they send this data in clear text, without passwords and encryption, often even by e-mail.

54% of the survey participants said that their companies use services for telemedicine sessions that are not intended for this at all. As an example, they cited the usual user messengers Facebook Messenger and WhatsApp, the proprietary video conferencing service Apple FaceTime, as well as Zoom Meetings.

Representatives of medical organizations around the world, for the most part, doubt the readiness of their institution to ensure the security and confidentiality of data in the event of a cyber threat. Only (30%) of respondents are confident that their company will be able to effectively resist hacker attacks and penetration into its systems.

Slightly higher confidence among survey participants (34%) that their organizations have adequate hardware and software protection. 38% believe that the institution has several backups of all data, including accounts and documents.

At the same time, 42% of respondents said they were not sure about the correctness of the processing of personal data in their organization. Another 42% agree that most doctors do not have a clear idea of ​ ​ how their patients' data is protected.

According to Kaspersky Lab, despite all the risks, telemedicine still has a good chance of becoming an important part of the global healthcare industry. Much of the medical community agrees that telemedicine and medical technology will thrive and push the entire field toward development. 71% believe that it is telemedicine that will benefit the health sector the most in the next five years compared to other technologies.

37% of respondents believe that technology will completely replace doctors in the next 20 years. 48% of respondents also believe that new solutions will be so advanced that they will be able to predict the cause and even the year of death in advance.

Experts consider the collection of personal patient data to be one of the most important aspects of the development of medical technologies. 67% of respondents said that it is necessary to increase the amount of data collected in order to use it to train artificial intelligence and apply it in the diagnosis of diseases.

However, 48% of respondents believe that state and ethical restrictions lead to the collection of highly fragmented personal medical data, which will worsen the learning ability of artificial intelligence and reduce the accuracy of its diagnoses. 51% of respondents say that they will not fully rely on artificial intelligence, especially if it concerns their relatives. 57% admitted that they are afraid of hacker attacks on robotic surgeons, which can lead to injuries to patients during operations^[3].

Hacking of a gynecological clinic in Primorye

In December 2021, it became known about the hacking of computer systems of the private medical center "Fifth Point," located in the city of Artem, Primorsky Territory. Read more here.

Data of tens of thousands of patients of the Russian drug treatment clinic Verimed put up for sale

In December 2021, the data of tens of thousands of patients of the Russian drug treatment clinic Verimed were put up for sale. Roskomnadzor began checking. Read more here.

Hacking of U.S. pharmacy chain CVS Health

In mid-June 2021, one of the largest pharmacy chains in the United States, CVS Health, was hacked. The hackers posted a database of a billion 204 GB records on the network, which contains production records with visitor IDs, session IDs, information about access to various devices, as well as a logging system on the server. These records also included requests for drugs, COVID-19 vaccines and various CVS products with links to both CVS Health and CVS.com. Read more here.

Initiation of a criminal case after the leakage of data from Muscovites who have recovered from COVID-19

On March 23, 2021, it became known about the initiation of a criminal case after the leakage of data from Muscovites who had recovered from COVID-19.

On this fact... a criminal case was initiated on the grounds of a crime under Part 1 of Art. 273 of the Criminal Code of the Russian Federation ("Creation, use and distribution of malicious computer programs"), - says the response of the head of the Moscow Department of the Ministry of Internal Affairs Oleg Baranov to the request of Alexander Khinshtein. A copy of the response is posted on the parliamentarian's Telegram channel.

According to the Moscow department of the Ministry of Internal Affairs, by March 23, 2021, operational-search measures and investigative actions are being carried out aimed at exposing persons involved in illegal activities.

We are talking about a data leak, which was confirmed in December 2020 (the media wrote about the leak of information of 300 thousand Muscovites, the authorities confirmed 100 thousand). It was noted that the transfer of data to third parties was allowed by employees who were engaged in the processing of service documents. The check then did not reveal hacking of the systems of the Moscow government.

The company's experts Group-IB linked the leak "with an insufficient level of maturity of organizations acting as operators of such data."

Storing such information in Excel tables and other files without authorization, passwords, access policies and other basic principles of personal data protection in 2020 is like hiding, closing your eyes, and thinking that no one sees you. "Digital hygiene" should be in every medical institution, in every organization related to medicine or data, no matter how obvious it may sound, "a company representative said in an interview with RBC.

According to him, such personal data can be used for calls, targeted mailing and other types of attacks using social engineering methods.^[4][5]

Stolen Pfizer data on COVID-19 vaccine published on the Web

The network published stolen data Pfizer about. COVID-19 vaccine This became known on January 13, 2021. More. here

2020

Losses of medical institutions from data leaks increased by 10.5%, to $7.13 million - Varonis

In 2020, the average loss of medical institutions from data leaks amounted to $7.13 million, an increase of 10.5% compared to the previous year. This is evidenced by data from Varonis, a company specializing in information security.

According to experts, attacks on healthcare organizations in 2020 have gained unprecedented scope: hundreds of hospitals were victims of Maze and Ryuk ransomware, companies have become targets for independent hacker groups and professional teams. Hackers pursued various goals - from extortion to theft of COVID-19 research results. The insider threat also grew, which, combined with human error, caused mass leaks of confidential data.

According to the study, more than 11 million files are available to an employee of a medical organization on average. Moreover, the smaller the company, the less restrictions on access to files in it. In small medical organizations, 25% of files are available to an ordinary employee. In large organizations, this figure is about 16%.

Varonis analysts pay attention to such a problem as the presence of phantom accounts in the organization's infrastructure - unused, but still active. They are a convenient way for a hacker to imperceptibly navigate the company's file structure and access critical internal systems. According to the information security company, in the healthcare sector, 77% of companies use accounts with perpetual passwords, and 79% of organizations in the system have over 1000 "ghost accounts" active.

The report also said that the so-called health-care leak lifecycle - from carrying out an attack to detecting it and dealing with the consequences - reached a record 329 days in 2020. ^[6]

Candid photos of 900 GB patients were stolen from the largest British network of beauty clinics

At the end of December 2020, it became known that hackers stole data from a 900 GB British network of beauty clinics and threaten to publish candid photos of patients before and after surgery. The Transform Hospital Group network of clinics confirmed the ransomware virus attack and informed the police about the violation. Read more here.

Data leakage of 300 thousand Muscovites who have recovered from COVID-19

On December 9, 2020, it became known about the leakage of data from 300 thousand Muscovites who had had COVID-19 coronavirus. The city authorities began checking.

According to Readovka, on the night of December 9, 2020, unknown persons posted their full names, addresses, information about the course of the disease, analyzes and other patient data on the Internet, as well as keys to the accounting system for coronavirus patients.

The newspaper noted that closed chats of hospitals, access to which was also opened by attackers, were "promptly removed." The archive with patient data was posted on Google Docs, from where anyone could download it.

Medusa also told about a similar find. According to Readovka, the database is spreading virally on the Web and is already on dozens of resources, thematic forums and chats.

Baza writes that the information could have been stolen from the computer of a medical professional. After the publication of data on the leak, access to some Telegram chats and Google tables began to be limited.

At the moment, the Moscow authorities are checking information about leaks of personal data of Muscovites who have had coronavirus. The results of the check will be announced additionally, - said in the message of the capital's operational headquarters for control and monitoring of the situation with the coronavirus.

Readovka journalists called people from the "merged" database. Dozens of Muscovites confirmed that they had indeed taken tests for COVID-19. According to the publication, most of the array belongs to the first wave of the pandemic, but the archive that appeared on the network also contains more up-to-date information with data from Muscovites for November 2020.

As of December 9, 2020, a total of more than 665 thousand cases of coronavirus infection were registered in Moscow. More than 507 thousand patients recovered.^[7]

On the evening of December 9, 2020, the Moscow authorities confirmed the leakage of personal data of local residents who had recovered from COVID-19. The reason for this was the human factor, hacks and other unauthorized interference in the work of information systems of the government of the capital was not, said the head of the Moscow Information Technology Department, Eduard Lysenko.

Personal data of 243 million people leaked from the Ministry of Health of Brazil to the Network

On December 3, 2020, it became known that flowed away data there were 243 million Brazilians on the Web. The reason for the leak was violations of the rules storages of credentials for access DB to the Ministry. As health care Brazil it turned out, the credentials were contained in the code of the page-portal of the Ministry Internet of Health. And as a result of a malfunction in the information system of the department, personal data ones got into the public domain.

According to the Brazilian publication O Estado de S. Paulo, Network the names, addresses of residence, identification taxpayer numbers and phone numbers of both citizens registered in the system and state medical insurance customers of private companies that have taken out health insurance have leaked.

The above data was in the public domain for six months. Among those affected by the leak are Brazil's chief executive, legislative and judiciary, ministers and other dignitaries.

At the end of November 2020, personal and medical data of 16 million Brazilians infected with COVID-19 leaked to the Network. The reason for the leak was an oversight by an employee of one of the medical institutions in São Paulo. Brazilian President Jair Bolsonaro was also among the victims of the incident.^[8] More details here.

25 data leaks infected with cornavirus registered in Russia

Russia In the first half of 2020, 25 data leaks infected with cornavirus were registered. COVID-19 They affected 35.5 thousand Russians. This is evidenced by the data. InfoWatch 

According to Andrei Arsentiev, head of analytics and special projects at InfoWatch, most cases are leaks of data from individuals or lists of several tens or hundreds of people.

In Russia, all leaks occurred due to the fault of people who had access to the information resources of organizations, for example, hospitals, airports, etc. Around the world, the number of such leaks is three quarters, another common reason is hacker attacks.

Unfortunately, an analysis of incidents for the first half of 2020 showed that the health sector, immersed in the fight against the pandemic, could not ensure the protection of the fundamental artifact of the digital era - personal data of citizens, including information protected by law on the state of health. At the same time, leaks of information about patients and contact persons dealt a very serious blow to people, - said Arsentiev.

According to him, at best, "the victims of the leak were expected by the annoying attention of neighbors and fellow countrymen, at worst, sick citizens and persons with suspected coronavirus became objects of persecution and persecution.

According to InfoWatch, in 64% of cases worldwide, personal data related to coronavirus have been compromised in the form of lists. Lists of patients were photographed and distributed using instant messengers or groups on social networks. Some leaks were caused by managers accidentally sending data to incorrect email addresses.

The remaining share of leaks (35.8%) occurred as a result of hacking data warehouses, illegitimate access to them, accidental disclosure of information due to incorrect server settings or errors in applications.^[9]

2019

CT and MRI images of 24 million people with surnames hit the Internet

In mid-September 2019, it became known that CT and MRT images of 24 million people from 590 online archives of medical images were made publicly available. It is believed to be one of the biggest leaks of sensitive medical data.

Personal data, including the names and last names of people, were discovered in the public domain by the German cybersecurity firm Greenbone Networks. It turned out that a huge number of X-ray, MRI and CT images were practically in the public domain even without password protection. The leak occurred through old servers using a 1980s protocol-based image archiving and transmission system. This protocol was developed to store digital images, but did not involve an Internet connection .

Greenbone Networks found that medical images came online along with detailed personal data - records included names, dates of birth, dates of examinations and their results, doctor appointments, clinic addresses, and patient social security numbers. Such a leak violates not only the European Patient Data Protection Provision, but also the Health Insurance Accountability Act, requiring the preservation of medical data confidentiality.

Cybersecurity experts believe that soon, due to the growing use of unprotected or poorly configured cloud systems, hackers will not even have to hack into databases. There are so many vulnerabilities that sometimes you can stumble upon confidential information that simply lies in the public domain. Software is often developed with the health care organization in mind that it will protect its network, whereas the organization believes that it is the software provider who should ensure its safety. So far, a compromise has not been reached.^[10]

Hackers stole 6.8 million data on patients and doctors in India

Hackers believed to be from China hacked the website of a major Indian health organization and stole 6,800,000 records containing information about patients and doctors. This became known from the Cyber ​ ​ Threats and Healthcare report of the American company FireEye, specializing in cybersecurity, was reported on August 23, 2019 by Zecurion.

The records contain confidential personal data of patients, information about their treating doctors, diagnoses and treatment history. Cybercriminals sell stolen data in underground markets - between October 2018 and March 2019, FireEye analysts discovered several databases that cost more than $2,000.

Also in the report, experts noted that hacker groups based in China began to more often choose medical institutions specializing in the fight against cancer as targets of attacks. According to the analyst company, this reflects the growing concern of the PRC about the increase in cancer incidence and mortality in the country, and can also help reduce government spending on health care.

Another likely motivation for hackers is financial. The PRC has one of the fastest growing pharmaceutical markets in the world. Access to research by international companies creates lucrative opportunities for Chinese firms. This could allow Chinese corporations to bring new drugs to the market faster than Western competitors, according to a FireEye report.

The head of the Zecurion analytical center Vladimir Ulyanov believes that data on the participation state of Chinese structures in the activities of hackers are greatly exaggerated and financial motives for attackers still come first.

Medical organizations have been among the leaders in personal data leaks for many years. This is due to the fact that on the black market the cost of medical information is about 10 times higher than the price for financial information, for example, account and credit card numbers, "said Vladimir Ulyanov, head of the Zecurion analytical center. - For fraudsters, the value of any information is determined by how much money can be raised for it. And there are many schemes for monetizing patient data. First, the information can be resold both in its original form and collected into databases. Secondly, patients, for example, insured under the VHI program, can be lured to service in other medical institutions. Thirdly, you can receive money directly from the patients themselves.

2018

The number of compromised personal data records has grown to 27 million

On March 18, 2019, InfoWatch presented basic data on leaks of confidential information from healthcare institutions in 2018.

In 2018, the InfoWatch analytical center registered 429 leaks from various medical institutions around the world: hospitals, clinics, military hospitals, laboratories, pharmacies, medical insurance etc. This is almost 16% more than in 2017. The number of compromised personal data records almost doubled compared to 2017 and amounted to 27 million.

More than 80% of PD records were leaked as a result of external exposure. So, in early 2018, cybercriminals attacked the information system of the Southeast Medical Service of Norway. The data of about 3 million people were stolen, that is, about half of the inhabitants of this Scandinavian country. The Norwegian Information Security Administration does not exclude that the hackers acted by order of a foreign state.

One in three leaks in 2018 resulted from hacker attacks. But the main culprits of leaks in this industry remain employees. They account for 53.7% of reported incidents. For example, in Canada, a former employee of the Alberta Health Systems network illegally gained access to the protected medical data of about 13 thousand patients.

The ratio of intentional and accidental leaks to medicine in was 47.5% and 52.5%. At the same time, among the leaks committed through the fault of employees, the share of intentional incidents is a little more than 20%. Basically, restricted access data is compromised as a result of errors, oversight, negligence. USA In the data, more than 200 thousand patients were left unprotected -. FTPserver The culprit of the leak is MedEvolve, a provider of management ON for medical institutions.

The share of personal data in leaks compared to 2017 decreased from 90.2% to 84.4%. At the same time, in 2018, the share of leaks of payment information increased - from 8.6% to 13.5%. This may be due to the development of commercial medicine and modern forms of payment. In the US state of St. Louis, a nurse from a nursing home used the bank card details of her patients for personal interests. With the money of old people, a woman bought clothes and other things for her family.

More than 45% of leaks in 2018 occurred through the network channel. Next are e-mail (21.1%) and paper documents (20.2%). In the UK, the Well Pharmacy pharmacy chain compromised the personal data of more than 24 thousand employees and local residents as a result of an erroneous e-mail. Such information as names, addresses, phone numbers, email addresses, wage data leaked.

Singapore has the largest cyber attack in the history of the country

In Singapore, hackers attacked the computers of the country's largest group of medical institutions, SingHealth. The attackers managed to steal the personal data of 1.5 million people, including several high-ranking officials, follows from a press release from the Singapore Ministry of Health^[11] in July 2018.

During the attack, hackers managed to steal outpatient prescriptions from 160 thousand people, including Prime Minister Li Hsien Loong and other members of the government. According to representatives of the Singapore authorities, the theft of personal data of the head of parliament was the main goal of cybercriminals.

The attackers stole the data of patients who visited SingHealth medical facilities from May 1, 2015 to July 4, 2018. In particular, hackers managed to get names, document numbers, addresses and dates of birth.

According to members of the Singapore government, this attack is a carefully planned operation.

2017: Number of "qualified" data breaches in Russia doubles

In 2017, the number of personal data leaks registered in the world, including social security numbers, payment card details, specific medical health records, patient records, decreased over the year by 7.7% to 370 cases, at the same time, the volume of data records compromised as a result of data leaks decreased by half compared to 2016 - from 26.8 million records to 14.2 million. In Russia, there was a sharp increase in the number of "medical" leaks - more than twice. This was reported on August 24, 2018 at the InfoWatch Analytical Center following a global study of confidential information leaks from medical institutions.

The authors of the study attribute the decrease in the number of incidents and the volume of leaked records in the world to an increase in the level of protection of medical data in the largest healthcare system in the world - the United States. According to experts, in 2017, more than 80% of US healthcare organizations increased spending on information security (IS). At the same time, the study notes that the development of technologies, including telemedicine, as well as ways to use medical data in electronic form, increases the value of medical information. Therefore, in the near future, the number of leaks of such information and the volume of compromised data in the world will inevitably grow, said InfoWatch analyst Sergei Khairuk.

If in the global picture of "medical" leaks about 30% of incidents were associated with external attacks by attackers, then in Russia all recorded cases were exclusively internal in nature. A classic example for Russia of an internal leak from medical institutions is the "leakage" by employees of hospitals and clinics of data on seriously ill and deceased patients to ritual agents.

The culture of handling information of limited access among medical professionals in Russia is at a fairly low level. In addition, internal attackers in various medical institutions realized that the personal data of patients and colleagues remain without proper control, and such information can be benefited from theft, - said Sergey Khairuk, an analyst at InfoWatch Group. - On the other hand, the informatization of Russian medicine is not yet taking place at a high enough pace compared to the world ones. The development of medical systems today is rather chaotic, clinics are still working with large amounts of information in paper form - these factors make the domestic healthcare sector not a very attractive target for external attackers - hackers, organized cybercrime.

At the same time, the share of intentional information leaks committed by employees of medical institutions in Russia is significantly higher than in the world - 39% versus 30%, respectively, the authors of the study noted.

In Russia and the world, about a quarter of "medical" leaks were associated with qualified actions of attackers - fraud or exceeding access rights to information systems. At the same time, in Russia, the share of such "qualified" leaks in 2017 doubled, while in the world sample this figure practically did not change compared to 2016, indicated in the InfoWatch Analytical Center.

In 2017, only personal data of clients and personnel were compromised in Russian medical institutions, while medical institutions around the world also lost payment information (12.2%) and data that belong to the category of trade secrets and know-how (0.8%).

The study also showed that the Russian distribution of incidents in medicine through leak channels in is significantly different from the world one. Thus, Russia is characterized by a higher proportion of leaks through paper media - 24% against 16% in the world, as well as through instant messages - 19% against 3% in the world.

In general, healthcare organizations occupy one of the first places among all sectors of the world economy in such an indicator as the impact on information assets by internal intruders. It is through the fault of employees, top managers and system administrators of medical institutions that the vast majority of incidents occur, the bulk of records in this area leaks, concluded in the InfoWatch Analytical Center.

The price that the medical industry is forced to pay, eliminating the consequences of information leaks, is constantly increasing, - said Sergey Khairuk, an analyst at InfoWatch Group of Companies. - According to estimates by specialized analytical agencies, the average damage to companies in various industries from each data leak that occurred as a result of the actions of an internal attacker has more than doubled in two years and may reach $8.5 million. As the value of information of medical organizations grows, the number of attackers who seek to take possession of it will continue to grow.

See also

• Data breaches
• Data leaks in the public sector of countries of the world
• Data breaches in Russia
• See TAdviser for DLP Solutions and Projects Catalog
• DLP - Data Loss/Leak Prevention
• What are the scares of data leaks and how to protect yourself from them? TA Details
• Security Incident Management - Issues and Solutions
• Information Protection - DLP Myths and Reality
• Secure e-mail of confidential documents
• DLP Solutions (Russian Market)
• DLP Solutions (Global)
• What if the leak has already happened?
• Cutting and sewing lessons from DLP developers
• DLP: High-Profile Leaks
• Prices for user data in the cybercriminal market

Notes