Comparable to hacking team, Ohio medical institutions 223gb critical data disclosure

Friday, August 5, 2016

Ukraine's "pravy sector" hackers have killed several servers of the Ohio State Central urology research group (coug) and released unimaginable amounts of medical data.

A group of Ukrainian hackers, who call themselves pravy sector, disclosed to the media the time and volume of a data leak they caused. Pravy secto used twitter to disclose to the outside world that it had hacked into the server of the Ohio central urology research group (coug), stole a large number of high-density data, and uploaded all the stolen files to the Dropbox cloud disk before making these data public on the Internet.

A total of 223gb coug leaked data of 13 files can be publicly viewed and downloaded

Coug is one of the largest urological practice bases in Ohio, with 28 urologists serving in the main medical system in the Ohio center.

An Israeli data mining company (hacked dB) initially detected the leaked data. They said that the magnitude of the leaked data was the same as that of the hacking team, so they needed some time to get a clear result.

A brief introduction to hacking team. Before hacking team was attacked last year and lost its business license in April this year, it was a company famous for providing malicious and spyware to governments and regimes around the world.

The findings of hacked DB researchers are as follows:

Hacked DB enabled three of their network analysts, Yogev Mizrahi, Atar kochavi and Oren yaakobi scan these data. They can find out the network topology, server terminal details, data information flow, process, firewall configuration details, payment notice, remote app shortcut with server details and other information without password and relevant access server documents.

Payment details

B-ultrasound of patients in leaked data

Coug's LAN settings are publicly visible

A PST file with coug physician details

The leaked data includes 401828 files, including 16646 text documents, 1212 zip packages, 13 rar files, 108 SQL files, 130 CSV files, 10 bak files, 33841 Doc / docx documents, 150325 XLS / xlsx files, 8 videos, 64312 PDF files, 1234 jpg images, 4264 TIF files and 9327. Crypt files.

At present, researchers are scanning payment information and patient medical data stored on coug servers with poor security measures. Hacked DB researchers also located the user name and cleared the text file and the text password inside the document. In addition, the researchers also found that the architecture of the entire data center at design time was also in the leaked data and did not do any security protection.

The medical records of some patients include the historical causes of the current disease, used drugs, history of allergy, history of drug treatment and surgery, history of diagnosis and family history of disease.

Statement of results from hacked DB:

Oren yaakobi, a researcher at hacked dB, told the incident that the leaked data came from the storage system of the hospital, indicating that there might be internal staff of the hospital to assist hackers in this matter. The exposed data content includes: network topology design of the hospital, communication details, login information of multiple servers, internal documents of the hospital, payment information, medical records, medical history of patients, X-ray films, communication details between internal and external colleagues and customers, PST files and backup documents, etc.

In addition, yaakobi added that such data leakage events will have a negative impact on the reputation of the hospital, and may even lead to legal disputes, because it seriously violates the hospital's obligations for the safe storage of patient medical records and personal identity information.

Scott Gordon, chief operating officer of finalcode, told the media that medical institutions are priority targets for hackers. Hospitals should provide adequate protection for sensitive data involved, regardless of data type, user or system data. The leakage of coug shows that the collaborative document of medical system has become a new front line of data leakage.

"With the promulgation of HIPAA and hitech, it support departments of medical institutions need to accept the inevitability of security incidents. Through such a forward-looking position and attitude, as well as the application of encryption and document access control technology to documents (such as more than 100000 office and PDF documents disclosed in this disclosure event), these conventional data can be made more secure, and the disclosed data will be less dangerous. "

If you're still surprised by what's mentioned above, you can learn about a data breach that happened before when a hacker sold 655000 medical records of American patients.

A brief introduction to pravy sector, an extremely right-wing Ukrainian nationalist organization founded in November 2013, and a paramilitary Rebel Alliance in the European square in Kiev. After merging into a political group on March 22, 2014, pravy sector claimed to have more than 10000 members.

Obviously, this is not the first high-profile intrusion of pravy sector. A few months ago, the group announced that it was responsible for the invasion of the servers of the Polish Ministry of defense and asked the Polish government to transfer 50000 US dollars or bitcoin of the same value to their designated bank account to exchange the leaked data from the exchange without its disclosure.