November 20, 2024 at 09:24PM
A data breach at a French hospital compromised medical records of 750,000 patients, linked to a hacker known as ‘nears’. The threat actor claims access to over 1.5 million patient records and is selling access to multiple hospitals’ systems. Exposed data includes personal and medical information, raising phishing risks.
### Meeting Takeaways:
1. **Incident Overview**:
– A data breach occurred at a French hospital, compromising the medical records of **750,000 patients**.
– The threat actor, known as **‘nears’** (previously **near2tlg**), claims to have access to records of over **1,500,000 patients** across multiple healthcare facilities in France.
2. **Breach Details**:
– The attacker breached the **MediBoard** system, provided by **Softway Medical Group**, which offers Electronic Patient Record solutions in Europe.
– Softway Medical Group confirmed that a **MediBoard account was compromised**, but emphasized that it was due to **stolen credentials**, not software vulnerabilities or misconfigurations.
3. **Hospital Responsibility**:
– The compromised data was not directly managed by Softway Medical Group but was **hosted by the hospital** itself.
– According to Softway Medical Group, access was gained through a **privileged account** in the hospital’s infrastructure, using standard software functions rather than through implementation errors.
4. **Threat Actor’s Activities**:
– The hacker began **selling access** to the MediBoard platform for several French hospitals, offering sensitive data including healthcare and billing information, patient records, and appointment management.
– As proof of access, records of **758,912 patients** were put on sale, which included personal details such as full names, birthdates, addresses, phone numbers, email addresses, physician information, prescriptions, and health card history.
5. **Risks and Implications**:
– The data exposure poses significant risks, including potential **phishing**, **scamming**, and **social engineering** threats for the affected individuals.
– There is a concern that even if the data remains unsold, it could be leaked online, increasing the affected individuals’ exposure to cybercriminal activity.
6. **Next Steps**:
– Continuous monitoring of the situation and the compromised accounts to assess the full scope of the breach.
– Communication with impacted patients is essential to mitigate risks associated with data exposure.
### Action Items:
– Review security protocols for credential management in healthcare settings.
– Consider deploying additional security measures to safeguard patient data.
– Keep stakeholders informed of ongoing developments in this situation.