The McAlester Regional Health Center in Oklahoma is facing a serious cyber threat as the notorious ransom group, Karakurt, claims to have stolen a massive 126GB of data, including DNA patient records, from the facility. Karakurt plans to auction off 117GB of the hospital’s sensitive information, with a portion of the cache consisting of 40GB of stolen genetic DNA records.
This alarming theft raises concerns about potential nefarious activities like blackmail and fake paternity results, as well as the potential for discrimination based on medical conditions, affecting employment prospects, insurance premiums, and social stigma.
The targeted hospital, located in McAlester, is a Level III Trauma Center with 21 medical specialties and nearly $250 million in total patient revenue. Despite the seriousness of the situation, the hospital officials have not yet issued a public statement about the breach.
Additionally, Karakurt is also threatening to publish sensitive data stolen from another healthcare entity, the Regional Family Medicine primary care group of Arkansas, which includes +5GB SQL data containing social security numbers, medical reports, bank statements, invoices, and other confidential documents.
The Karakurt threat group is known for its aggressive nature and double extortion tactics and is believed to be an offshoot of the infamous Russian-affiliated Conti group. The group does not seem to target specific sectors or industries but gains access to victims through stolen login credentials or already compromised victims through third-party broker networks.
Karakurt, distinct from other ransom gangs, claims to have stolen data without encrypting compromised machines or files, and they are notorious for relentlessly harassing their victims through emails and phone calls, even extending their harassment to the victims’ employees, business partners, and clients. Their ransom demands have ranged from $25K to $13M in Bitcoin, with payment deadlines usually set to expire within a week of initial contact with the victim.
The self-proclaimed “Sofisticated. Evasive. Deep. Persistent.” group continues to pose a significant challenge for defense and mitigation efforts, and their name, Karakurt, meaning “black wolf” in Turkish, may serve as a fitting description for their elusive and dangerous tactics. The healthcare industry, among others, must remain vigilant in safeguarding against such cyber threats and enhancing security measures to protect sensitive data and patient information from falling into the hands of malicious actors like Karakurt.
