cognitive cybersecurity intelligence

News and Analysis


Mulkay Cardiology Consultants Informs Nearly 80,000 About Ransomware Attack

Well, gather round, I’ve got a bit of a story to tell you. It’s all about a heart-stopping event at Mulkay Cardiology Consultants, part of the Holy Name Medical Centre, out in the States. This isn’t about some groundbreaking surgery, mind you. Nope, it’s all about a cyber security breach.

Back in September, the good folk at Mulkay discovered something was a bit off kilter with their systems. After a bit of digging, they found that a large number of individuals – we’re talking 79,582 people – might’ve had their personal details compromised. Quite the stinker for those involved!

Mulkay, quick as a flash, put their noses to the grindstone and got on top of it. They made sure they rebuilt their systems, using backup data, to stem the damage. And, of course, they kept the local law enforcement in the loop, while also bringing in a forensic security firm to check the systems were now secure.

Now, how severe was this breach, you ask? Well, allegedly, a figure unknown to Mulkay ended up with some files containing a fair few personal details – names, addresses, dates of birth, Social Security numbers, driver’s license digits, medical history, you name it. Quite the haul, if it indeed fell into the wrong hands.

But here’s some solace for those sweating at the thought of their information being misused: Mulkay doesn’t believe there’s any evidence to suggest fraud or identity theft. A small silver lining in otherwise dark clouds, wouldn’t you say? And those with their Social Security Number or driver’s license details snagged in the mess have been offered complimentary identity theft protection services.

Now, here’s the rub. Not all is as clear as day in this story. You see, Mulkay’s account doesn’t mention the detail that the culprit of this data breach was the cheeky cyber group known as NoEscape. It’s not even hinted at that our friends at NoEscape claimed to have a healthy 60 GB of intimate patient details and proudly shared this on their dark web site.

Upon some investigation, it seems NoEscape had been active with Mulkay’s information. Late October saw them listing Mulkay as being under a ‘DDoS (Distributed Denial of Service)’ attack. Now, it’s not certain how long the attack lasted, but it was soon followed by Mulkay’s data vanishing from the leak site.

This sequence of events raises a speculative eyebrow. Did Mulkay loosen their purse strings and pay a ransom to NoEscape? They claimed to restore their system from backups, but there might be a possibility they forked out to ensure NoEscape pulled the patient information and as a guarantee of data destruction and an end to the attacks.

However, Mulkay didn’t speak a word about any ransom demands or payments, nor about the patient information leaked on the dark web. It’s quite the mysterious tale, isn’t it?

I did try to reach out to Mulkay to pick their brains about this, particularly whether they paid any ransom. But so far, it’s been a somewhat one-sided conversation. They’ve not got back to me…yet.

So, that’s my tale. Intriguing, isn’t it? Just goes to show the importance of cybersecurity in healthcare. After all, in this digital age, it’s not just our hearts we need to be looking after.

by Parker Bytes

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts