A criminal data breach at a Las Vegas hospital has led to the personal information of around half a dozen victims being exposed online.
REvil, a notorious hacker group, posted last week on its website images of Nevada driver’s licenses, passports and social security numbers belonging to patients at University Medical Center, according to the Las Vegas Review-Journal
“This type of attack has become increasingly common in the healthcare industry, with hospitals across the world experiencing similar situations,” said the hospital in a statement. It added that it will offer “access to complimentary identity protection and credit monitoring services.”
The hackers gained access in mid-June to a hospital server with the data. While there is no evidence that any clinical systems were accessed, patients and employees are being notified that their personal information may be at risk.
A motivation for the attack has not been determined, but Brett Callow, a threat analyst for cybersecurity firm Emsisoft, told the Review-Journal that posting data online is typically done to pressure organizations into paying ransoms. REvil is well-known for leaking patient data if it is not paid. It most commonly deploys Sodinokibi, a malware that is responsible for about 14% of attacks, according to Becker’s Hospital Review
The exact number of patients affected remains unknown.
Law enforcement is currently investigating the incident.