Skye Witley reports:
Pilfered snapshots of patients baring their bodies ahead of life-saving cancer operations and plastic surgeries are unexpectedly landing in the vast landscape of the public internet after cyberattacks, as hackers seek new ways to turn a profit.
Campaigns to extort victims during ransomware attacks against health-care providers are evolving, according to lawsuits and Bloomberg Law interviews with cybersecurity attorneys and threat researchers. No longer satisfied with targeting hospitals and clinics alone, cyber criminals are directly targeting patients, demanding payments as modest as $50 to prevent the publication of intimate photos and sale of other sensitive medical records on the dark web.
Witley’s article mentions a number of recent cases, all of which have been reported in more detail on DataBreaches.net over the years if readers are seeking more information on them.
The first known instance of direct patient extortion targeted tens of thousands of Finnish psychotherapy patients in October 2020, leading researchers to conclude the tactic “puts additional pressure on the company to pay the ransom,” in a paper published by Harvard’s Belfer Center for Science and International Affairs in May 2022.
As DataBreaches.net has reported, attempts to directly extort patients are not new, and began even before the Finnish psychotherapy incident.