Healthcare data of US Congress members sold on dark web | Cyber Intelligence Briefing: 10 March

Top news stories this week

1. Code red. US Congress members’ data sold on dark web following breach at insurance marketplace.
2. A new low. Ransomware groups release photos of cancer victims and student data.
3. Cold calling. Thousands scammed by artificial intelligence voice technology.
4. Delicate operation. Barcelona hospital targeted by cyber attack.
5. Emotet returns. New campaign sends fake invoices as replies to existing email chains.
6. Gotcha! German and Ukrainian police arrest DoppelPaymer ransomware group members.
7. Stuffed chicken. Chick-fil-A suffers automated credential stuffing attack.

1. Healthcare data of US Congress members sold on dark web

An online forum allegedly sold healthcare records of US Congress members, their families, and dependents, following a breach at DC Health Link insurance marketplace. The leak included 170,000 customers' healthcare records, containing social security numbers, employer names, and contact details.

Although IntelBroker, the initial seller of the data, is understood to be financially motivated, the buyer is unknown. The sensitive nature of the data has raised national security concerns.

So what?

Depending on the sensitivity of any breached data, individuals should consider ongoing credit monitoring to mitigate the risk of impersonation by malicious actors. 

2. Ransomware gangs use new extortion technique

Ransomware gang ALPHV, also known as BlackCat, has published clinical photos of breast cancer patients on their leak site. They described the images as “nude photos” in a bid to pressure Lehigh Valley Health Network into paying the ransom.

Separately, the Medusa ransomware group released a video showing data stolen from Minneapolis Public School District, which included students’ grades and payroll information.

So what?

Threat actors continue to seek new methods to pressure victims. Conducting a ransomware readiness assessment can build resilience and improve preparedness. 

3. Threat actors trick victims with AI-generated telephone calls

AI-powered voice simulating technology is now being utilised by threat actors to deceive victims into paying them money by impersonating their loved ones in distress over phone calls. The US lost USD 11 million to such scams in 2022.

So what?

Individuals should be cautious when answering calls from unknown numbers, especially when a demand is being made. If demands of this nature are made, the individual should always verify the claims by contacting the suspected victim through another communication channel.

4. Operations cancelled after Barcelona hospital cyber attack

A cyber attack on the Clinic de Barcelona has led to the shutdown of the facility's clinics, laboratories, and main computer systems. The incident also forced the cancellation of 150 nonurgent operations and 3,000 routine checkups. The hospital is working to restore its systems and has assured that no patient data was compromised or stolen.

So what?

Healthcare providers should ensure they have a documented and tested business continuity plans in place to avoid major disruption to patient care in the case of a cyber attack. 

5. New Emotet email campaign 

After a three-month hiatus, the Emotet malware operation has returned with a new email campaign using fake invoices as a lure, sent as a reply to an existing email chain. Emotet can steal a victim's emails and contacts or download further payloads such as ransomware.

So what?

The malicious payloads are designed to evade detection by antivirus solutions. Never open unexpected attachments on emails and seek confirmation from the sender if in doubt.

6. German and Ukrainian police arrest ransomware group members 

The German and Ukrainian Police have arrested two individuals suspected of playing key roles in the DoppelPaymer ransomware group. The group extorted USD 30 million in ransom payments between 2019 and 2021.

So what?

Recent international law enforcement operations have disrupted ransomware operations, but threat actors are resilient. Backing up critical data, keeping systems updated with latest security, and implementing endpoint protection measures remain important when addressing the risks that ransomware poses.