A file containing names and contact details on 491,840 people has made the rounds online since at least earlier this month, according to French cybersecurity journalist Damien Bancal, who runs the Zataz blog. The data includes home addresses, phone numbers, emails, social security numbers and other sensitive medical information pertaining to medications, pregnancy and diseases such as HIV.
While Bancal first noted the hack in a February 14 blog post, AFP and the French daily Liberation followed up more recently, with the latter finding the data was likely stolen from roughly 30 medical labs located around northwestern France.
“We can find this file in seven different places on the internet,” Bancal told AFP on Tuesday, adding that although hackers initially negotiated for the data through a Telegram chat, the stolen material was later released for free after a dispute among the blackhatters.
Though AFP’s requests for comment to French authorities have so far gone unanswered, Bancal observed that the country’s CERT cyber crime agency appears to have acknowledged the breach earlier this month. The outfit posted a notice to the website of the French Ministry of Health warning that login credentials for up to 50,000 “hospital center agents” had been swiped and put up for sale on February 4, adding that while “it is difficult to precisely describe the origin of this leak,” it could allow hackers to access healthcare networks.
Bancal also claims to have personally contacted one of the people still attempting to sell the purloined records through the online blackmarket. He said the person asked for “at least $1,000” for the data, suggesting Bancal could earn “millions” if he “spread ransomware through these addresses,” but noted the individual sounded like a “low-level hawker” and did not appear to be familiar with the French healthcare sector.
Though most involve smaller troves of data than the recent theft in France, hacks on medical institutions are not exceptionally rare, with one dark web hacking collective snatching some 900 gigabytes of data from a British plastic surgery chain late last year, vowing to release patients’ “before and after” photos unless a ransom was paid. Just weeks prior, American authorities warned of an “imminent” wave of cybercrime on hospitals around the US. While officials gave no indication of Russian involvement, the notice triggered an outpouring of media reports casting blame on none other than Moscow, most relying on the word of a single analyst in place of evidence.
If you like this story, share it with a friend!
© 2021, paradox. All rights reserved.
