Finjan finds patient data on hackers' server

In its latest Malicious Page of the Month Report [pdf], Finjan, Inc. reports that it discovered

… a server controlled by hackers (Crimeserver) containing more than 1.4 Gigabyte of business and personal data stolen from infected PCs. The data consisted of 5,388 unique log files. Both email communications and web-related data were among them.

The compromised data came from all around the world and contained information from individuals, businesses, as well as renowned organizations, including healthcare providers.

Within the report, Finjan provides examples of compromised patient data:

The examples below show the open and easy access to the medical and personal data of patients, as well as email correspondence between physicians and healthcare providers and patients as was found on the hacker’s server (Crimeserver). To protect the privacy of parties involved, we filtered out and changed the shown data to ensure anonymity. Below is an example of a log containing a patient’s medical record and history that was stolen from his/her physician’s infected PC:

“Diagnosis=Admitted for IV abx 2nd spinal rod infection. Hx of SMA, wheelchair bound, on bipap c back up rate. ESR increased. Ctx neg. Not getting meds at home. Will need 42 days abx…. low grade fever 2 days ago.”

The next example shows part of a stolen email communication:

“…Attached you will find our personnel file. Please fill it out in its entirety and return via email….These forms are kept confidential and locked up”

The Crimeserver logs contained all kinds of patient information, including personal data, health data, treatment, medications, insurance details, Social Security Numbers, and healthcare providers’ data, including physician’s name.

Due to the fact that the data in this example were HIPAA related, we informed the FBI to take appropriate action.

About the author: Dissent

Comments are closed.