A new hospital hack by ransomware specialists should not make us forget the data they may have stolen. ZATAZ shows you what happens to staff and/or patient information. And she’s not pretty.
DAX Hospital, Vitry-le-François Hospital, Castelluccio Hospital, and Arles Hospital Centerat recent days Hospital group Cœur Grand-Est, Corbeil-Essonnes Hospital Center, or EPHADs. In short, the hacks that resonate particularly well, they target health institutions, thus forcing men, women and children to change centers of care. In France, public institutions will never pay the ransom demanded by hackers.
First, there is no money. After that, the requested funds are not included in the voting budgets for the current year!
With regard to private installations, the situation is completely different. ZATAZ has seen healthcare experts pay hackers silence. In the United States for example, we are in 2016 in Los les, Hollywood Presbyterian Hospital You will pay over $170,000 For his digital captors. Yesterday, like today, hackers steal and copy all the data they come across on their malicious visit. But if a company, healthy or not, public or private, doesn’t pay, what happens to that data?
Data gallery among hackers
Dozens of people, whether they are journalists or not, have asked me the same question. What happens to the hacked data? Whether it is information belonging to employees, patients or partners, hackers will sift through, analyze and use it.
Through use, you will open up more options for their malicious marketing. Email addresses will be used The future is in phishing attacks and ransomware.
Phone numbers can be exploited for CPF scams, for example.
health data? Analysis of malware to be exploited in search of political figures or the economic and industrial world. Here, everything will be possible: spying, scams, setting up a fake conversion scam (FoVI), etc.
Hackers can also, quite simply, Resell the data they’ve sorted. One example, among the many hacking websites that ZATAZ Watch monitors on behalf of individuals and companies: Cœur Grand Est Hospital Group – GHT (CH Haute-Marne, Saint-Dizier or even Vitry-Le-François, to name a few). martyred them).
On the GHT website, a message related to a call to the vigilance of users. Impossible to click the window, I have to find the “News” page. Either, but it’s really not practical for the average user.
So I go to the news page, and … there is no information about it. I was going to hit the second page, but an error prevents me from reading the potential alert from the hospital group. Instead, a brief 404 error message appears: The page you are looking for does not existIn short, an Internet user will not spend as much time as me to find information.
And on the pirate side, is there any news? Unfortunately yes !
The ZATAZ monitoring service managed to find all the information stolen by the extortionists. After claiming without much thought a ransom of more than 1 million euros, the hackers changed their tactics and decided to sell the stolen data piece by piece, file by file.
The hackers collected this information on April 17 and 18, 2022. They were talking about patients’ personal data, social security numbers, passport scans, banking information, email, phone numbers, etc. Five months later, what will happen to the personal data stolen by hackers? Bank details and other bank identification statements stolen from GHT sell for $4 each. access to “class” files; $4 per PDF. Obtaining diplomas: $4. sick file? 4 dollars (and there are hundreds). passport ? 4 dollars.
As you understand, the data is sorted, used and resold. Nothing will be able to stop this forward leak of personal data. You find Suggest my analysis on CNews channel antenna or on Radio France International or France Info.
ZATAZ monitoring service monitors more than 300,000 hacker spaces (Discord, Telegram, IRC, Blackmarket, Malicious Groups) And it won’t take 365 days to find some data stolen from these malicious places.
What to do?
Quite frankly, not much. CNIL recalled in February 2021, after discovering ZATAZ and more than 400,000 health data had been stolen by a hacker, that “ Responsible bodies are obligated to inform data subjects individually that their data has been compromised and published onlineIs it still necessary for the company to know what was stolen from it!
For customers/patients/partners: file a complaint, inform your bank, mutual insurance company, family, doctor, nurse, change your identity document (CNI, passport), email, phone (and all restrictions related to such changes), address Postal (impossible), hospital, social security number (impossible), etc.
In short, you will realize that there is only so much to do Make sure that this data is not exploited by hackers !