Argentina’s public healthcare system has suffered a significant setback due to a ransomware attack conducted by the Medusa group. The attack targeted the IT networks of Hospital de Alta Complejidad El Cruce “Néstor Kirchner” in Florencio Varela, Buenos Aires Province, leading to the loss and compromise of over 760GB of sensitive data. The hospital’s official website is currently offline as its IT department works to manage the aftermath of the breach. This attack is a severe blow to the hospital’s operations, affecting its ability to provide services and manage patient information securely.
The Medusa group has demanded a ransom of $200,000 in Bitcoin in exchange for deleting the stolen files. The deadline for the ransom payment is set for February 6, putting pressure on the hospital and its authorities to decide how to respond. The attack has drawn attention to the vulnerabilities within the healthcare sector, which has increasingly become a prime target for cybercriminals. Hospitals and healthcare facilities have been facing heightened risks of such breaches, which can lead to significant disruptions in services and the loss of private data.
Among the data exposed in the attack, over 650,000 lines of information were found, with many of the file names referencing Protected Health Information (PHI) such as diagnostic images and laboratory test results. This personal health data is linked to patients who have received care at Hospital El Cruce over the years. Additionally, the exposed data includes Personally Identifiable Information (PII), such as patients’ names, dates of birth, passport numbers, driver’s licenses, and full addresses, making it particularly sensitive and valuable to malicious actors.
The attack highlights the growing threat of cybercrime targeting healthcare systems worldwide. The exposure of such a vast amount of personal data puts patients at risk of identity theft, fraud, and other forms of exploitation. The breach at Hospital El Cruce also underscores the need for enhanced cybersecurity measures within the healthcare industry to prevent further incidents and protect the privacy and safety of individuals’ health records.
Reference: