The cybercriminal group Maze attacked the network of Hammersmith Medicines Research, a London-based medical research company, on March 14. The group then leaked the personal data and medical details of thousands of former patients online, according to ComputerWeekly.
HMR is one of several London firms situated to conduct medical trials for COVID-19 vaccines.
Beyond the despicable nature of the attack, of note is that Maze had made a public vow on March 18 not to target the medical industry in the midst of the coronavirus pandemic, saying they would “stop all activity versus all kinds of medical organizations until the stabilization of the situation with the virus.”
Hospitals and the healthcare industry at large are regularly in the crosshairs of cybercriminals, as these organizations house personally identifiable information (PII) that can be lucrative for criminals. Such institutions must also regularly fend off ransomware attacks that encrypt critical systems, which can disrupt medical equipment and hinder patients from getting timely care. Paying the demanded ransom in such cases is not advisable, but often happens because victims feel desperate, hastily paying because it is a quick route to a solution.
While HMR is not a hospital, it works as a service provider within the healthcare industry. The timing of Maze’s attack thus resonates as being particularly offensive in the wake of COVID-19 becoming a pandemic.
Prevailion won’t tolerate such attacks on critical infrastructure. Targeting weaknesses in hospitals and healthcare services is unconscionable, even in the best of times. But on top of the current pandemic crisis, with hospital staff stretched thin, it is inhumane, and could lead to loss of life.
“Hospitals are understaffed and overworked and not paying attention, and then if you hit the hospital with an attack, like a ransomware attack, you’re going to debilitate an environment pretty heavily,” said Prevailion CEO Karim Hijazi. “Prevailion chooses targets based on who chooses to attack the innocent and vulnerable. They are now in our crosshairs.”
Prevailion has real-time visibility on cybercriminals as they conduct global attacks like these, and we are doing everything we can to assist authorities in bringing criminals to justice. In February, we worked with U.S. law enforcement officials to coordinate efforts to mitigate a pandemic WordPress threat, and we will continue to do so in the future.
Using our platform, organizations can view their active and historical cyber contagion or search their third-party network for similar threats. We show evidence of actual cyber compromises—continuously. That kind of visibility isn’t available anywhere else.
Prevailion is offering healthcare organizations free, unlimited access to our Apex platform of compromise intelligence through May 4, 2020. Sign up today.
Introduction: Prevailion’s Adversarial Counterintelligence Team (PACT) is using advanced infrastructure hunting techniques and Prevailion’s unparalleled visibility into threat actor infrastructure creation to uncover previously unknown domains associated with UNC1151 and the “Ghostwriter” influence campaign. UNC1151 is likely a state-backed threat actor  waging an ongoing and far-reaching influence campaign that has targeted numerous countries across […]
Prevailion CEO, Karim Hijazi, comments on lacking White House cybersecurity efforts Karim Hijazi lays out why Biden’s cybersecurity strategy lacks innovation and effectiveness to deal with modern adversaries already inside companies around the globe.