fbpx
Dallas, TX
Sunday, October 2, 2022
70°
English Español

Fine Print

English Español

Russian Hackers Allegedly Breach Local Hospital Data

State

Computer Warning | Image by Shutterstock

Donate to Dallas Express to Keep it Free

Russian hackers allegedly breached Methodist McKinney Hospital and two of the company’s surgical centers’ computer systems earlier this summer, exposing patients’ social security numbers, medical history, and more, hospital officials said Tuesday.

An “unauthorized actor” accessed computer systems that held data for Methodist McKinney Hospital, Methodist Allen Surgical Center, and Methodist Craig Ranch Surgical Center, according to a notice posted on the hospital’s website.

The Karakurt gang, a group of Russian hackers, has reportedly boasted on the dark web about acquiring 367 gigabytes of data from the hospital and two surgical centers, according to CBS 11.

The alleged breach happened on July 5 when hospital staff “became aware of unusual activity on certain systems,” at which point the hospital “promptly took steps to better ensure the integrity of the systems” and then began investigating what happened, the notice stated.

The investigation revealed that the hacked data was from May 20 to July 7, and files were copied during the hacking.

The hackers gained access to files that contained patient names, addresses, Social Security numbers, dates of birth, medical history information, medical diagnosis information, treatment information, medical record numbers, and health insurance information, according to the notice.

Cyber security experts said this should never have happened if the proper protections were in place.

“That’s a serious privacy security risk for the patients, so this is a pretty large breach,” cyber security expert Andrew Sternke told CBS 11.

He said the hackers could use the stolen information to harm patients in multiple ways.

“To mess with your finances, to potentially blackmailing individuals regarding very private healthcare information … there’s a lot of potential,” he said.

It is unknown how many people’s data was affected. The hospital is notifying people whose information was accessed as it is learned.

The medical facilities said they reported the cyberattack to federal law enforcement. The hospital is also “reviewing and enhancing existing policies and procedures” for preventing cyberattacks.

The hospital did not confirm how the hackers gained access to the data, but experts say it is likely the result of human error.

“It’s the human element that often get[s] social engineered by one of these hackers to give up information, which will then eventually be used for unauthorized access to the system,” Sternke said.

The hospital advised anyone whose information may have been accessed to monitor their credit accounts for fraud.    

We welcome and appreciate comments on The Dallas Express as part of a healthy dialogue. We do ask that you be kind. Kind to each other and to everyone else in your comments. For more information, please refer to our Complete Comment Moderation Policy.

Subscribe to Comments
Notify of
guest

1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
RiverKing
RiverKing
1 month ago

30+ years in IT, mostly as a mainframe Systems Software Engineer, tells me that the fault lies with those who install and maintain the hacked system.

The alleged breach happened on July 5 when hospital staff “became aware of unusual activity on certain systems,” at which point the hospital “promptly took steps to better ensure the integrity of the systems” and then began investigating what happened, the notice stated.” In other words, they locked the barn door after the horse was stolen.

Most Read