On Wednesday, January 19, the International Committee of the Red Cross (ICRC) revealed that hackers broke into their servers and accessed the data of over 515,000 people who were “highly vulnerable.”
The attack targeted a company in Switzerland contracted to store the user data, forcing the Red Cross to temporarily halt a program called “Restoring Family Links” that reunites families separated by violence, migration, or other tragedies.
“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure,” said Robert Mardini, the ICRC’s director-general. “We are all appalled and perplexed that this humanitarian information would be targeted and compromised.”
Mardini pleaded directly with the hackers, asking to keep the information confidential. “The real people, the real families behind the information you have now, are among the world’s least powerful,” he said. “Please do the right thing. Do not sell, leak, or otherwise use this data.”
The ICRC does not know who carried out the attack, but there’s no sign that any compromised data has been shared publicly, according to their media release.
Elizabeth Shaw, a Red Cross spokesperson, said that their top priority is to work with ICRC delegations “to find ways to inform individuals and families whose data may have been compromised, what measures are being taken to protect their data, and the risks they may face.” She also said that “ransomware” was not involved in the attack.
In 2021, Check Point Software saw a 71% increase in the number of cyberattacks on the healthcare industry, averaging roughly 830 attacks per week, according to Ekram Ahmed, a spokesperson for Check Point Software. He stated that the healthcare industry is one of the industries most targeted by threats. “We expect the trend of threat actors targeting healthcare organizations to only continue as we go into 2022,” he said.