Medical Records from Prospect Ransomware Attack Appear on Dark Web
Medical records extracted during the recent Prospect Medical Holdings ransomware attack are allegedly being offered for sale on the dark web, according to social media sources. The notification of the sale has been interpreted as a signal to Prospect Medical Holdings to quickly respond to the hackers’ ransom demands.
On August 3, the Prospect Medical Holdings health system was hit by a ransomware attack that crippled operations at the health system’s 17 hospitals and 166 outpatient clinics. At the time, the perpetrators of the attack were unknown. However, last week, a notice appeared on the Rhysida dark leak site, claiming responsibility for the attack.
The notice also announced an auction of data stolen in the attack. According to the notice, the data consists of more than 500,000 Social Security Numbers, passports of clients and employees, drivers’ licenses, patient files (profiles and medical histories), and financial and legal documents. In all, it is claimed, the sale consists of 1TB of unique files and a 1.3TB SQL database.
The notice was accompanied by several snapshots of the stolen data – some of which has been independently verified as genuine by comparing the snapshots to publicly available records – and a price tag of 50 Bitcoin ($1,298,340). The addition of the price tag has led some sources to comment that the notice is intended to accelerate a ransom payment.
It is not known at this time whether the sale will proceed or whether Prospect Medical Holdings will give in to the ransom demands. As of this past weekend, some services continue to be suspended and staff in some medical units are still having to rely on paper records. A spokesperson for Prospect Medical Holdings also issued the following statement:
“We have become aware that Prospect Medical data was taken by unauthorized actors, the nature of which is being actively examined. If the investigation determines that any protected health or personal information is involved, we will provide the appropriate notifications in accordance with applicable laws. Because our investigation is ongoing, we do not have additional information to share at this time. We are taking all appropriate measures to address this incident.”