Data Breach at Las Vegas Hospital

An investigation has been launched into a data breach that occurred earlier this month at a hospital in Las Vegas.

On Monday, ransomware gang REvil claimed to have hacked into the computer network of University Medical Center and exfiltrated data belonging to the hospital. Sensitive information allegedly swiped by the gang includes Nevada driver's licenses, passports and Social Security numbers. 

Images of what appear to be stolen data belonging to at least six victims were uploaded to the hacking group's website on the darknet and examined by the Las Vegas Review-Journal, who contacted UMC.

On Tuesday, the medical center issued a statement in response to the inquiry from the newspaper regarding the alleged hack. 

UMC acknowledged that its network had been compromised in the middle of June when a server was accessed without authorization. The hospital said that the matter had been reported to law enforcement, who were now investigating it as a cyber-attack.

“This type of attack has become increasingly common in the [healthcare] industry, with hospitals across the world experiencing similar situations,” said UMC.

The Center added: “There is no evidence that any clinical systems were accessed during the attack. UMC continues to work alongside the Las Vegas Metropolitan Police Department, the FBI, and [cybersecurity] experts to determine the exact origin and scope of the attack.”

UMC is a nonprofit public hospital affiliated with the Kirk Kerkorian School of Medicine at UNLV and operated by the Clark County Commission. The hospital houses the Silver State's only Level 1 trauma center. 

The Center said that it will contact any individuals impacted by the security incident and offer them "access to complimentary identity protection and credit monitoring services."

REvil has claimed to be behind multiple high-profile cyberattacks in the past, including an attack on an Apple supplier in which a $50m ransom was demanded to return stolen schematics for new products. 

Emsisoft's Brett Callow said that this year, ransomware attacks have been carried out on at least 32 healthcare providers around the United States. As a consequence, patient care at around 285 sites was disrupted.

What’s Hot on Infosecurity Magazine?