Health data stolen in Texas may be published on the dark web


McKinney Methodist Hospital in Collin County, Texas, Allen Methodist Surgical Center and Craig Ranch Methodist Surgical Center were victims of a ransomware attack on July 5, the hospital system announced on July 29.


They didn’t pay the ransom, according to a new CBS report in Dallas-Fort Worth. The culprit, data extortion group Karakurt, stole 360 ​​gigabytes of data instead of locking down the healthcare system’s IT infrastructure.

According to the hospital publication notice, information in the affected systems included names, addresses, social security numbers, dates of birth, medical history information, medical diagnosis information, treatment information, medical record numbers, and details of Health Insurance.

The hospital confirmed that an unauthorized actor accessed certain systems between May 20 and July 7 and copied certain files. A third-party company conducts a detailed investigation of the information present at the time of unauthorized access.

“We notify individuals as they identify the information, and that process is ongoing,” the hospital said in the statement, as it advised patients to take steps to protect personal information. in light of the data breach.

This is what they are likely to have to do – if and when information is released on the dark web – a known practice in the Karakurt Team, according to a June alert issued by the Cybersecurity and Infrastructure Security Agency.

Karakurt victims have not reported encrypting compromised machines or files; instead, Karakurt actors claimed to have stolen data and threatened to auction it off or make it public unless they receive payment of the demanded ransom,” CISA said in the alert. .


Cybersecurity breaches in healthcare systems are on the rise and tens of thousands of patient records have already been posted on the dark web.

Two weeks ago, Dallas-based Conifer Revenue Cycle Solutions reported that a cloud-based email account was hacked in January, exposing patient information associated with six hospitals. Since Conifer submitted his breach, more than 25 new breaches of unsecured protected health information have been added to the US Department of Health and Human Services. case investigation list.

A The joint Federal Bureau of Investigation and CISA announcement on August 11 warned that Zeppelin ransomware targeting healthcare is gaining access to victim networks by exploiting vulnerabilities in the SonicWall firewall and through phishing campaigns.


“Information security is one of our highest priorities, and we have security measures in place to protect the information in our custody. We responded quickly when we became aware of this event by taking steps to secure our systems and initiate a thorough investigation. We are also reviewing and improving existing policies and procedures and implementing additional safeguards to further secure the information in our systems. In addition, we have reported this event to the federal law enforcement,” the hospital said in the data breach announcement.

Andrea Fox is the editor of Healthcare IT News.
Email: [email protected]

Healthcare IT News is a HIMSS publication.

Comments are closed.