Subj : Hospital cyberattack exposes data on nearly a million patients To : All From : TechnologyDaily Date : Thu Nov 21 2024 11:15:05 Hospital cyberattack exposes data on nearly a million patients Date: Thu, 21 Nov 2024 10:48:06 +0000 Description: Electronic patient record software account was compromised and used to steal sensitive data. FULL STORY ======================================================================A hacker advertised access to a number of French healthcare organizations A few hours later, they tried selling sensitive data grabbed from some of them More than 750,000 people were apparently exposed A cyberattack against a French hospital has resulted in the theft of sensitive data on almost a million patients. A threat actor with the alias near2tlg took to the infamous hacking community BreachForums to offer access to multiple establishments, including Centre Luxembourg, Clinique Alleray-Labrouste, and a couple of others. They claimed that the offering granted access to sensitive data belonging to 1.5 million people, including patient records, billing, and other data. Compromised account Two hours later, the same actor posted a new thread, selling French hospital data. The compromised information allegedly included peoples names, dates of birth, gender, postal addresses, cities, postal codes, phone numbers, and email addresses. Furthermore, the archive contained information on attending physicians, prescriptions, death declarations, and more. They said that 758,912 users were affected, and that the breach was done through Mediboard. Mediboard is an Electronic Patient Record (EPR) solution, developed by Softway Medical Group. The company confirmed the breach to local media, but stressed that the attack did not come as a result of a vulnerability, but rather as a result of stolen credentials. "We want to emphasize that the affected health data were not hosted by Softway Medical Group," they said. In a statement to BleepingComputer , the company said that the compromised account had elevated privileges: "We can confirm that our software is not responsible, but rather, a privileged account within the client's infrastructure was compromised by an individual who exploited the standard functions of the solution. "This hypothesis has been substantiated. It is therefore neither due to improper implementation of the software nor human error." At press time, there were no confirmed buyers, but healthcare information is usually highly regarded among cybercriminals. They can use it for a wide variety of crime, from phishing, to identity theft , wire fraud, and more. You might also like US government sanctions massive proxy botnet operation that offered free VPN services Here's a list of the best firewalls today These are the best endpoint protection tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/hospital-cyberattack-exposes-data-on-ne arly-a-million-patients --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .