Cabrini Hospital became a victim of a cybercrime, it was found that a syndicate has hacked and scrambled the medical files of about 15,000 patients from a specialist cardiology unit and demanded a ransom.
Some patients were told that their files had been lost but were not given any explanation and others have turned up for appointments for which the hospital had no record.
The online gang responsible for the data breach demanded a ransom be paid in cryptocurrency before a password would be provided to break the encryption.
According to the reports, a payment was made, but some of the scrambled files have not been recovered, among them patients' personal details and sensitive medical records that could be used for identity theft.
TPRM report: https://scoringcyber.rankiteo.com/company/cabrini-health
"id": "cab22516223",
"linkid": "cabrini-health",
"type": "Ransomware",
"date": "02/2019",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 15000,
'industry': 'Healthcare',
'name': 'Cabrini Hospital',
'type': 'Healthcare'}],
'attack_vector': 'Unknown',
'data_breach': {'number_of_records_exposed': 15000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal details',
'Medical records']},
'description': "Cabrini Hospital's specialist cardiology unit was targeted by "
'a cybercrime syndicate that hacked and scrambled the medical '
'files of about 15,000 patients and demanded a ransom.',
'impact': {'data_compromised': ["Patients' personal details",
'Sensitive medical records'],
'identity_theft_risk': True,
'operational_impact': ['Appointment records lost',
'Patient files lost']},
'motivation': 'Financial Gain',
'ransomware': {'data_encryption': True,
'ransom_demanded': True,
'ransom_paid': True},
'threat_actor': 'Online Gang',
'title': 'Cabrini Hospital Ransomware Attack',
'type': 'Ransomware Attack'}