Ransomware Gang Collects Data from Blood Testing Lab

apex laboratory ransomware

Apex Laboratory patient data was lifted and posted on a leak site.

Apex Laboratory, which provides blood work at home for patients in New York City, Long Island and South Florida, has been hit with a ransomware attack that also resulted in patient data being stolen.

Though the company just disclosed the attack, it took place on July 25, when “certain systems in its environment were encrypted and inaccessible,” according to a website notice from last week.

Working with a cybersecurity firm, Apex was able to secure its network and resume operations two days later. But the forensic investigation went on, eventually determining on Dec. 15 that the attackers had posted information on their blog about the attack and claimed to have lifted personal and health information, the company said in a New Year’s Eve notice.

2020 Reader Survey: Share Your Feedback to Help Us Improve

That data includes patient names, dates of birth, test results, and for some individuals, Social Security numbers and phone numbers, Apex said. It was likely taken from Apex’s systems between July 21 and July 25 as part of   a “double extortion” attack where criminals not only lock up systems but also exfiltrate data.

“Apex is unaware of any actual or attempted misuse of any information other than the extracting of this data as part of the cyberattack,” the company said. “Apex is in the process of preparing written, mailed notice to impacted individuals for whom it has addresses.” It added that the investigation is still ongoing.

“While the typical ransomware business model involves encrypting data in place and then selling the victim decryption capabilities (aka the ransom), business models always evolve,” Oliver Tavakoli, CTO at Vectra, told Threatpost. “In order to maximize the likelihood of getting a targeted organization to pay such ransoms, attackers may choose to impose multiple types of pain – in this case, the attackers employed both the possible loss of data through encryption as well as the public release of confidential information, thereby getting two bites at the apple. While Apex Laboratory had good enough data backups to overcome the first threat, the second threat was the attacker’s failsafe to still get a ransom.”

Other details were scant on the attack, but Threatpost reached out to Apex for more information on the ransomware gang involved and other data.

The news comes as healthcare organizations continue to be a top target for ransomware gangs,

“I’d say the predominant issue facing healthcare right now is ransomware,” Beau Woods, a Cyber Safety Innovation Fellow with the Atlantic Council, founder and CEO of Stratigos Security and a leader with the I Am The Cavalry grassroots initiative, told Threatpost in a recent video interview. “Ransomware continues to be a leading thorn in the side of care delivery, being able to deliver care to patients. ransomware comes in and shuts down clinical operations, it can cause patient care to go on divert, which is where they basically send ambulances to other hospitals, or even cause hospitals to move patients to another facility that’s not impacted by ransomware.”

Medical organizations have a unique set of challenges that make them ripe targets, researchers said.

“The healthcare industry has a particularly challenging setting — they have to prioritize fighting healthcare-related fires all the time and have to work with software (and hardware) that takes years to certify for safety,” Mohit Tiwari, co-founder and CEO at Symmetry Systems, told Threatpost. “This means the compute infrastructure lags behind due to both business and technical reasons. Healthcare executives need a shift in mindset. They must understand compute infrastructure in hospitals is key to healthcare, and computing failures are healthcare failures. Further, computing flaws are highly correlated and can spread quickly — ransomware or breach of large data stores — or compromise of medical equipment on a network.”

Download our exclusive FREE Threatpost Insider eBook Healthcare Security Woes Balloon in a Covid-Era World , sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and DOWNLOAD the eBook now – on us!



Suggested articles