Almost Two Terabytes of Data Involved in St. Rose Hospital Data Breach
Table of Contents
- By Steven
- Jan 04, 2023
People familiar with data security are aware of the problems associated with hospital security. It doesn’t matter how extensive the hospital’s systems are, how hard it is to hack, or how many precautions are in place. There will always be someone skilled or patient enough to access the internal systems. What people often disregard is that it’s less of a question as to if you’ll be hacked versus when.
How Did the Attack Occur?
The attack was carried out by the ransomware group BianLian, which rose to prominence in October 2022. The group posted what they alleged to be 1.7 terabytes of personal information about St. Rose patients. Speculation finds that the hack most likely happened in November or December 2022, as the files contained patient details from October of the same year.
What Information Was Viewed or Stolen?
The list of stolen information is extensive and a cause for concern.
- Business data
- Financial data
- Phone numbers, addresses, social security numbers, and birthdays of patients and staff
- Drug overdose and harassment reports
- Building plans
- Patient scans and other medical information
- Email archives
- SQL databases and backups
Any of this information individually would be hair-raising and dangerous; the combined magnitude of the stolen information has many patients and employees worried for their and their loved ones’ safety.
How Did St. Rose Admit to the Breach?
St. Rose has yet to comment on the breach, as it was discovered by DataBreaches.net, known as “the office of inadequate security.” The news outlet often peruses TOR browsers for information about data breaches and hacks and often finds out about breaches long before the entity that was hacked does. DataBreaches.net reached out to BianLian for comment but has yet to receive word.
What Will Become of the Stolen Information?
The information is already for sale on the dark web and BianLian’s site. The group stands to make tons of money from this breach. However, there is mild speculation that BianLian didn’t commit the breach itself but rather an amateur wished to amp up their reputation by selling – or gifting – the data to a better-known entity. Either way, BianLian is likely a trusted seller in their particular market, meaning that the information will sell quickly and for a large sum.
What Should Affected Parties Do in the Aftermath of the Breach?
After a breach of this magnitude, more options are available for victims than one might think. The first thing to remember is that the hacker(s) can access your phone number (and possibly your email). This means they could call or message you in a phishing attempt, so be aware of any odd messages or phone calls. Next, you should invest in credit monitoring because your social security number and financial details are involved. Third, there are device monitors you can get that will alert you to attempted scams; for example, you get a seemingly normal email and click on the included link. These software titles will tell you if the site is safe, protecting you from scams and malware attempts. There are other precautions you may take, but these are just some of the simplest and fastest.