Cyber criminals have compromised Fertility Centers of Illinois (FCI) and laid their hands-on 80,000 intimate patient data. The US Department of Health and Human Services (DHHS) report shows that the actual FCI data that was compromised is of 79,943 individuals.
As per FCI report, the breach was detected on its internal systems on Feb 01, 2021. After an investigation of the attack, it was found that the FCI security protocols have blocked the attackers from accessing the medical records of the patient but they managed to sneak and find the admin files.
The FCI conducted further forensic and analysis on the accessed files and found that FCI specific patient records have been the one that was compromised. However, the misuse of the data has not been seen yet. The PII details associated with the compromised data could be very sensitive and can be very harmful if used for malicious intent.
Although the exact modus operandi of the attack is no known, the compromised data include patient names, social security numbers, credit/debit card details, diagnosis and treatment reports, medication, prescription, bank account details, passport information, employee ID numbers, bills, health insurance numbers, master patient index, patient login credentials, and few other medical data.
Actors have compromised these sensitive and intimate data, and the same could have a huge value in the dark web. A similar case was seen in Las Vegas, when a hacker breach PII medical data and was sentenced to 12.5 years of prison, the data was used to claim Department of Defense and Administration benefits.
Adding to the investigations put forth by FCI team, they started employee security practices and training to enhance their security posture.
“Please be assured that we have invested considerable resources to ensure that such a vulnerability does not exist in the future” – FCI.
In recent years, the healthcare industry has been the sweet spot for cyber criminals as the benefits are massive. The recent Apache Log4j vulnerability had made things even more simple for the threat actors, as the healthcare industry is also patching and fixing the Log4j vulnerability for past few weeks.
The DHHS Task Group issued a report on how devastating the Log4j vulnerability could be for healthcare organizations if not taken care properly.
Since the attackers are deploying double- and triple-extortion ransomware attacks, the compromised data can be encrypted, sold and also deleted giving the attackers multiple levels of leverages and ransom demands from the victims.
As per Jake Williams, Co-Founder and CTO at BreachQuest, the FCI’s compromised devices and data could have been outside of their network monitoring and security layers without proper data protection protocols in place.
The data could have been outside of their EHR system as well, which should have been a sweet spot for the actors. When a proper domain and MFA authentication are in place, cases like FCI data breach could have been avoided.
Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.
You can reach out to us via Twitter or Facebook, for any advertising requests.
Explore the top 5 best Microsoft Intune alternatives, comparing key features, user reviews, and capabilities…
Discover the top 7 smartphones of 2024 with best security features, offering privacy, performance, and…
Discover the top 11 log management tools for efficient system management and monitoring. Learn about…
Explore the top 5 threat intelligence tools, their features, and how they enhance cybersecurity against…
Explore the top 5 best PAM Tools, market trends, and expert insights to secure the…
Explore the top solutions for Apple Device Management including to iOS Device Management and macOS…