Ransomware hackers attack organ transplant organization; medical details of thousands of people are leaked

US-based non government organization Midwest Transplant Network issued a statement to acknowledge a data breach due to a ransomware infection that would have affected over 17,000 people. Ransomware operators compromised the affected systems this February, managing to lock several implementations.

As you may remember, ransomware is a variant of malicious software that blocks access to infected systems and then requires victims to pay a ransom in exchange for restoring everything to normal. These payments are typically made in cryptocurrency, and the attacks often involve the theft of confidential information as well.

In its letter sent to affected users, Midwest Transplant Network mentioned that the treath actors were able to access confidential information, mainly records about health of deceased organ donors and potential receivers, including details such as:

  • Full names
  • Dates of birth
  • Blood type
  • Organs for donation
  • Transplant procedures

It is not known if the organization decided to pay the ransom or whether they will restore the affected systems using their backup resources.

The Midwest Transplant Network concluded its statement by adding that they have no reason to believe that the criminals sold or otherwise disseminated the compromised medical data. A letter informing families of the incident was sent only last week, as “the organization wanted to accurately compile a list of victims.”

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.