- This topic has 4 replies, 5 voices, and was last updated 1 year, 6 months ago by Tanyawat Saisongcroh.
-
AuthorPosts
-
-
2022-09-20 at 12:54 pm #38188Zarni Lynn KyawParticipant
1.Provide a brief description of the story.
Karakurt ransomware group attacked Methodist McKinney Hospital (MMH) in early July. 360 gigabytes of private information were illegally shared on the darknet. According to the investigation, the leaks included name, address, date of birth, medical history, diagnosis, treatment, medical record number, and health insurance information.2.What is/are the impact of this data breach? Consequences of the data breach.
Karakurt victims have reported being subjected to extensive harassment campaigns by Karakurt actors. In these campaigns, employees, business partners, and customers receive a large number of emails and phone calls warning them to encourage Karakurt victims to negotiate with the actors in order to prevent the dissemination of victim data.3.How did the data breach occur?
On 7/5/2022, the hospital noticed unusual system activity. They quickly took precautions to assure system integrity and launched an inquiry with a third-party firm. An unauthorized actor accessed and copied files from MMH, MASC, and MCRSC systems between May 20 and July 7, 2022. As part of our reaction to this occurrence, they are undertaking a full analysis to ascertain what information was in the relevant systems at the time of the illegal access.4.What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach, such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
Although I try to find out the main cause of the data breach (even reading the https://methodistmckinneyhospital.com/wp-content/uploads/2022/08/Revised-Preliminary-Website-Notice_8.3.22.pdf), most website only mentioned its systems have been accessed by unauthorized individuals who removed files containing sensitive data from its systems. But due to it’s name “Karakurt ransomware group” the main cause maybe a ransomware and it was reinforced by the ransom demanded by the Karakurt group to the hospital and sending several communication to their victims.5.How could you prevent this data breach attack?
Implementing multi-factor authentication, using strong passwords, and patching systems on a regular basis are all important preventative measures for healthcare institutions to take against cyberattacks. -
2022-09-21 at 7:15 am #38216Kansiri ApinantanakulParticipant
Thank you for your summary, It’s very comprehensive.
As you mentioned the ransomware. I think this malware might attack via a hole in the user.
Safe internet surfing and awareness of phishing emails might be good ways to protect against this kind of malware.From my experience, I think many of the hospital’s users may surf the internet or access the hospital’s computer for reasons other than working ie. downloading and printing files via their personal email. Website and personal email access blocking might be another way to prevent ransomware
Best,
-
2022-09-24 at 4:53 pm #38314Hazem AbouelfetouhParticipant
Thank you Zarni for sharing. I would like to add that all sensitive information especially PHI should be encrypted similar to passwords in most systems. For example, The medical history, diagnosis, and treatment will be less valuable if it is not linked to a personal ID/name.
-
2022-09-24 at 5:10 pm #38318SaranathKeymaster
Agree to you all. Thanks.
-
2022-09-24 at 9:02 pm #38327Tanyawat SaisongcrohParticipant
Thank you Zarni for sharing. Hackers usually look for any possibility of the security weakness. Besides the prevention method that you mentioned, some issues might be added, such as implementing a recovery plan, employing network segmentation, updating antivirus software and operation system itself or even disable unused ports in the system.
-
-
AuthorPosts
You must be logged in to reply to this topic. Login here