cognitive cybersecurity intelligence

News and Analysis


Ransomware attack on Cardiovascular Consultants Ltd. reportedly impacts 500,000 patients, guarantors, and personnel

Alright, my friend, let me take you back to November 6th. We were all still wearing our poppies and coming down from the dizzying firework spectacles of Bonfire night. But, while we were lost in all these distractions, some cheeky ruffians, known by the name ‘Qlin’, were up to no good. They decided to attack Cardiovascular Consultants (a fancy name for heart doctors), nicking over 205 gigabytes of data. There didn’t seem to be much fuss at the time. The Cardiovascular Consultants (CVC for short) didn’t so much as bat an eyelid. Nor did their privacy officer, who seemed as silent as a graveyard.

Now, this bunch of naughty hackers had a website where they dumped all the stolen data. But here’s the kicker – we couldn’t actually get it to download. Very much a case of all show and no go, as far as I can tell. Anyway, the powers that be at Fresenius Medical Care (the bigwigs who CVC answer to) have finally taken note and let the cat out of the bag.

Here’s what happened. Once upon a sunny September day over the pond in the US, CVC realised their computer systems were under siege. The intruder was busy snatching data left, right, and centre. The poor old CVC people took action, roping in some forensic bods to work out what had gone down. It turns out their systems were accessed, their data encrypted and nicked. Patients’ records, the lot. The swiped data even had a bit of info on CVC’s employees.

It was estimated that around half a million patients and 200 staff members were caught up in the incident. The affected folks were scattered across America, from Maine to Hawaii, and even as far afield as four other countries.

Fresenius fought back, bringing in a credit agency to notify patients, manage calls, and keep an eye on the credit scores of those who got mugged by this cyber crook. Remember this is a medical outfit we’re talking about. Data loss here isn’t the same as losing your password to Candy Crush. Patient details, medical history…it’s potentially very serious stuff.

The same cyber breach may have also hit a branch of the family, Fresenius Vascular Care, but as they say, the fat lady hasn’t sung on that one yet. The investigation is still ongoing.

So, you might be wondering, how much did all this malarkey cost? Well, the chaps at Fresenius think that even with all the expenses for the investigation and putting things right, it won’t leave too big a dent in their coffers.

But there’s still a bit of a hangover to deal with – having to report the incident to the authorities, possible investigations, likely legal battles, and let’s not forget, Fresenius’ reputation might be left a bit battered and bruised.

At least it’s not all doom and gloom! It’s an important reminder to all of us to stay alert and make sure we’ve got our cybersecurity defences up to scratch. Even the best of us can get caught out, as poor old CVC can attest. Anyway, chin up and keep those firewalls firing! The cyber world can be a murky old place, but if we take care and stay vigilant, we can hopefully avoid falling foul of any more of these online chancers.

by Parker Bytes

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts