An Iranian hacking group has released highly sensitive personal information on hundreds of thousands of Israeli medical patients and members of an LGBTQ site, in a purported ransom attack.
The Black Shadow group appears to have obtained the data after targeting Israeli hoster CyberServe, which reportedly refused to pay a $1m ransom.
Tuesday saw the release of medical records on 290,000 patients at Israel’s Machon Mor institute – including info on blood tests, treatments, CT scans, ultrasounds, colonoscopies and vaccinations. The group also published the full database from LGBTQ dating service Atraf, including members’ names, locations, and in some cases, their HIV status.
According to the Times of Israel, multiple other customers of CyberServe were targeted in a similar way, including museums, transportation companies, and tourism firms.
The details were reportedly uploaded to a Telegram channel.
Although it’s unclear how the hosting firm was compromised, Israel’s National Cyber Directorate reportedly warned it “several times” that its IT systems were vulnerable.
While the Black Shadow group demanded ransom payments to prevent full disclosure of the information, it’s unclear whether complying with its request would have worked.
Atraf members, in particular, will be fearing reprisals from ultra-conservative groups and online extortionists.
Gurucul CEO, Saryu Nayyar, described the attacks as “troubling” and said that healthcare organizations (HCOs) must do more to protect patient records.
“If we can’t provide that level, at a minimum we have to monitor medical systems and databases to be able to retain people’s confidence in their data,” she added.
“Losing confidence means losing the battle to keep our health information private. Medical facilities simply aren’t protecting and managing their data to the extent that should be required.”