Ransomware attackers hit 2 providers, post patient information and photos online: 5 details

Two plastic surgery providers were recent targets of a ransomware attack that led to patients' information being posted online, according to a Cointelegraph report.

Five things to know:

1. Maze recently hacked the records of Bellevue, Wash.-based plastic surgeon Kristin Tarbet, MD, and Asheville Plastic Surgery Institute.

2. Maze has posted the names, addresses and social security numbers of Dr. Tarbet's patients online. The group also posted patients' before-and-after surgical procedure photos.

3. The group also targeted Asheville (N.C.) Plastic Surgery Institute and published stolen data online including patient names, date of birth, insurance details and implant order forms in addition to before-and-after photos.

4. In the past, Maze has attacked two targets in the same industry and has a history of leaking sensitive information if organizations don't pay the ransom demanded. Maze has previously demanded $2 million to decrypt data and destroy its copies of it.

5. To execute its ransomware attacks, Maze typically enters the system through easy-to-crack credentials or unpatched remote access systems, according to the report.

More articles on cybersecurity:
BJC HealthCare reports employee email breach exposes PHI for 19 facilities: 5 details
Former Lurie Children's employee wrongfully viewed 4,824 patient records
The IT behind hospitals' battle with COVID-19: How tech maximized efficiency amid rapid workflow changes

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.