Ransom Denied, Black Shadow Leaks Israeli Medical Data

The pandemic seems to be waning, but the assault on health and medical institutions continues; Black Shadow hackers are right there in the thick of it, reportedly leaking the medical records of 290,000 Israeli patients stored in the directory of the Machon Mor medical institute hosted by CyberServe.

Included in the cache was data about patients’ blood tests, treatments, gynecology appointments, CT scans, ultrasounds, colonoscopies and vaccinations for flights abroad among other information, according to a report by The Times of Israel.

“The most dangerous of breaches are those that have a medical connection, and the Black Shadow group has reportedly done exactly that, releasing both records and appointments for 290,000 Israeli patients,” said Saryu Nayyar, CEO at Gurucul. “The lack of protection for patients by hospitals and other medical facilities continues to remain troubling.”

“Medical records deserve a much better level of protection than they are allocated today. If we can’t provide that level, at a minimum we have to monitor medical systems and databases to be able to retain people’s confidence in their data,” said Nayyar. “Losing confidence means losing the battle to keep our health information private. Medical facilities simply aren’t protecting and managing their data to the extent that should be required.”

Protecting health care data “is often understated. In particular, where it relates to information such as this, whose unauthorized release can be personally devastating to the individuals concerned,” said Approov CEO David Stewart.

“As demonstrated in two research reports that we published in 2021, there is still much work to do in the security of health care systems,” Stewart said. “We hope that organizations that handle all types of health care data will redouble their efforts to make their security best-in-class to avoid more incidents like this one.”

Iran-based hacker group Black Shadow has been busy. The Machon Mor leak follows a leak of data earlier in the day from Atraf, an LGBTQ+ dating site.

The report said the malicious actors uploaded the file to a Telegram channel, after their $1 million ransom demand went unanswered. “If we have $1 million in our wallet in the next 48 hours, we will not leak this information and also we will not sell it to anybody. This is the best thing we can do,” the group allegedly wrote.

A message accompanying the leaked data read: “48 hours ended! Nobody send us money. This is not the end, we have more plan.”

In addition, the miscreants uploaded screenshots of purported ransom negotiations that allegedly showed Black Shadow rejecting an offer of half its ask—$500,000. However, CyberServe disputed that account, claiming it didn’t negotiate with the gang. The hosting company was recently in the hot seat after the Israeli government warned it was primed for attack. Israel’s National Cyber Directorate said in October 2021 that CyberServe was put on notice multiple times.

To thwart the hackers, Telegram blocked six messaging channels after the Tel Aviv Magistrate’s Court ordered it to do so.

Black Shadow is well known in Israel after it orchestrated a huge breach of Shirbit, an Israeli insurance company, last year, followed by a similar attack on KLS Capital. In both cases, the hackers leaked client information.

Teri Robinson
