Another healthcare breach exposes hundreds of thousands of patient records

The breaches occurred in three different locations, Farmington, Missouri (48,000 records), Atlanta, Georgia (397,000 records) and the Central / Midwest US (210,000 records), and the data allegedly includes Social Security numbers, full names, physical addresses, dates of birth and insurance information.

The names of the organizations have not yet been released, and the attacker says that a “modest” ransom demand was made at each.

$100,000 worth of the records from the Georgia dump has already been sold (no details on exactly what constitutes $100,000 worth but the article does note that someone wanted to buy all of the Blue Cross Blue Shield records specifically).

According to the article, the attacker used an unknown vulnerability (zero day?) in Remote Desktop Protocol (RDP) to gain access and, from that initial access, moved laterally through the network until he found what he wanted / needed. RDP can be used to provide remote access to systems, but it should never be exposed directly to the Internet; it should instead be used over a secure VPN connection.
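One way to check for the exposure described above is to audit inbound firewall rules for anything that lets port 3389 in from outside the VPN address range. This is an added example, not taken from the article; the rule format, field names, sample rules and the VPN range 10.8.0.0/24 are all constructed assumptions.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample inbound rules (not from the article); field names are assumptions.
SAMPLE_RULES = [
    {"name": "rdp-any", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0", "action": "allow"},
    {"name": "rdp-vpn", "proto": "tcp", "ports": "3389", "source": "10.8.0.0/24", "action": "allow"},
    {"name": "mgmt-range", "proto": "tcp", "ports": "3000-4000", "source": "203.0.113.0/24", "action": "allow"},
    {"name": "web", "proto": "tcp", "ports": "443", "source": "0.0.0.0/0", "action": "allow"},
    {"name": "rdp-deny", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0", "action": "deny"},
]

def covers_rdp(ports):
    """True if a port spec such as '3389', '3000-4000' or '80,3389' includes 3389."""
    for part in ports.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= RDP_PORT <= int(hi or lo):
            return True
    return False

def exposed_rdp_rules(rules, vpn_cidrs):
    """Return names of allow rules that admit port 3389 from outside the VPN ranges.

    Simplification: each rule is judged on its own; rule ordering and
    deny-precedence are not modelled.
    """
    vpn_nets = [ipaddress.ip_network(c) for c in vpn_cidrs]
    findings = []
    for rule in rules:
        # RDP listens on TCP 3389 and can also use UDP 3389.
        if rule["action"] != "allow" or rule["proto"] not in ("tcp", "udp", "any"):
            continue
        if not covers_rdp(rule["ports"]):
            continue
        src = ipaddress.ip_network(rule["source"], strict=False)
        # Acceptable only when the whole source range sits inside a VPN range.
        if not any(src.version == v.version and src.subnet_of(v) for v in vpn_nets):
            findings.append(rule["name"])
    return findings

if __name__ == "__main__":
    for name in exposed_rdp_rules(SAMPLE_RULES, ["10.8.0.0/24"]):
        print("RDP reachable from outside the VPN:", name)
```

Note that the wide port range in `mgmt-range` is flagged as well, since a range that happens to contain 3389 exposes RDP just as an explicit rule does.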

