750,000 hospital patient records were exposed in a massive data breach, and a hacker claimed access to 1.5 million of them.
An unidentified hospital in France has revealed a serious data breach that compromised the private medical records of about 750,000 patients. A threat actor using the identity "nears" (formerly known as "near2tlg") carried out the breach and claims to have targeted several healthcare facilities nationwide. The hacker claims to have over 1.5 million patient records, and he blames the breach on unauthorized access to Softway Medical Group's MediBoard electronic patient record (EPR) system. Healthcare practitioners around Europe utilize MediBoard extensively.
The origin of the breach
Although Softway Medical Group acknowledged that a MediBoard account had been compromised, they made it clear that this was not the result of a software flaw or incorrect setup. Rather, the hack took advantage of credentials that were obtained from a hospital privileged account.
Softway Medical Group stressed in a statement to the media that the hospital, not their business, was hosting the impacted data. In a letter to French media, Softway Medical Group stated that it was not the host of the compromised health data.
"Our software is not at fault," a spokeswoman added. The attacker was able to take advantage of the solution's typical capabilities since a privileged account within the client's infrastructure was hacked. This isn't because of human error or problems with software implementation.
The Sale of Stolen Data
After the hack, the threat actor started promoting access to MediBoard accounts for a number of French hospitals, such as Hôpital Privé de Thiais, Clinique Jean d'Arc, Clinique Saint-Isabelle, Clinique Alleray-Labrouste, and Centre Luxembourg. Additionally, 758,912 people were impacted by the attacker's selling of patient data from the unnamed institution.
The stolen data reportedly includes: Full names, Dates of birth, Gender, Home addresses, Phone numbers, Email addresses, Physician details, Prescription histories and Health card usage information. The hacker claims to have shared the data with three potential buyers, although no confirmed sales have been reported.
Hazards to Patients
There are serious hazards associated with disclosing such private information, such as identity theft, phishing attempts, and other social engineering techniques. The risk that the data will be exposed online even if it is not sold increases the danger to those who may be impacted.
Concern Over Healthcare Cybersecurity Is Growing
This incident demonstrates the ongoing weaknesses in healthcare systems and the urgent need for strong cybersecurity defenses. The abuse of privileged accounts emphasizes how crucial it is to put robust authentication procedures in place and maintain ongoing watchfulness for credential theft.
To lessen the harm and guarantee responsibility, authorities will probably start looking into the breach. Affected individuals are encouraged to take precautions to safeguard their personal information and to be on the lookout for any strange messages in the interim.
Follow cyberdeepakyadav.com on
Facebook, Twitter, LinkedIn, Instagram and YouTube
What's Your Reaction?
