After a data hack last month, some patients at a cancer center in Seattle are getting threatening emails.
After a data breach last month, a few patients at a cancer center in Seattle received threatening emails.
Officials at Fred Hutchinson Cancer Center reported that a hack on November 19 may have compromised patient data by targeting a section of the clinical network of the healthcare system.
According to The Seattle Times, some current and former patients received threatening emails this week stating that the names, Social Security numbers, medical histories, and other data of over 800,000 people had been hacked.
Emails leaked to the media stated that the recipients’ stolen information would be auctioned.
The associate vice president of communications at the center, Christina VerHeul, stated that while she was unable to estimate the number of individuals impacted, an investigation is still underway.
According to her, the center alerted federal criminal enforcement, shut down its clinical network, and hired a forensic security company to look into the attack that occurred last month.
Patients were advised by the clinic to closely monitor their credit reports and bank statements.
The FBI should be contacted, senders should be blocked, and messages should be deleted by anyone who receives strange or threatening calls or emails, according to the center. The center advised not to pay the ransom if the message requested one.
Cybersecurity Nightmare: Fred Hutch Patients Face Email Threats Following Cyberattack
Patients at Fred Hutchinson Cancer Center are still worried and anxious about a cyberattack that happened to part of their network last month; many of them received direct messages from hackers this week.
According to the associate vice president of communications for the institution, Fred Hutch has provided few facts regarding the investigation into the Nov. 19 breach that affected the clinical network of the health care system, but it has indicated that some patient data may have been compromised.
According to Christina VerHeul, in an interview last week, the center alerted federal criminal enforcement, pulled its clinical network offline in less than 72 hours, and hired a forensic security company to look into the matter.
Additionally, it enhanced data monitoring and introduced more “defensive tools,” although it hasn’t yet provided impacted patients with credit monitoring services. Rather, a FAQ page on the incident advised patients to closely monitor their credit reports and bank records to guard against identity theft or fraud.
Then the spam emails started to come in this week.
The threats claimed that the names, Social Security numbers, phone numbers, medical histories, lab results, and insurance histories of over 800,000 patients had been compromised. They were directed to a number of current and former patients of Fred Hutch, as well as some who had received care from Hutch’s partner, UW Medicine.
According to multiple emails provided to The Seattle Times, the accused hackers wrote, “If you are reading this, your data has been stolen and will soon be sold to various data brokers and black markets to be used in fraud and other criminal activities.”
VerHeul stated that while the inquiry is ongoing, she “couldn’t speculate” as to how many people may have been affected. According to its annual report, Fred Hutch treated over 53,000 patients in 2022.
The email claimed that Fred Hutch had already been contacted by the cyberattack’s perpetrator, who “refused to make a deal.”
VerHeul stated that she was unsure if Fred Hutch had communication with the individuals behind the cyberattack. But according to what is known, Fred Hutch thinks the offenders are based outside of the United States.
She added that investigators are still in the process of figuring out whether patient data is actually being sold anywhere.
The patient’s address, phone number, and medical record number are mentioned in the scam email. It also contains a URL that purports to have patient data already for sale, along with information on how to remove it for $50.
VerHeul sent out an email on Friday stating, “We became aware of these emails this week and have been providing guidance to patients on what to do if they receive one.”
Fred Hutch sent out an email to patients last week instructing them to report any unusual or threatening calls or emails to the FBI’s internet crime complaint center at ic3.gov. The email said to delete the communication and block the sender after that. It begged you not to send any money.
Fred Hutch informed the patients, “Our patients’ health and safety is our top priority.”
This week, UW Medicine administrators also contacted patients to inform them that, despite the fact that some patients have never received treatments from Fred Hutch, data from UW Medicine patients was compromised in the breach since the hospital system collaborates closely with Fred Hutch on cancer treatment and research.
Hospital CEO Tim Dellit said in the message, “We apologize if you received an email from the cybercriminals, as some patients have received them.” “Unfortunately, they frequently employ this strategy.”
Although the specific patient data affected and the potential patient population are unknown, UW Medicine stated in a statement that it does not at this time believe that its university-based system was compromised.
Although he’s not actively looking into legal action, one former Harborview patient who got an email threat said he’s “definitely not ruling it out.” The patient spoke on the condition of anonymity because he was concerned about his personal information being made public.
In an email, he stated, “We assume our data is safe when we visit providers (particularly the UW family).
Although VerHeul stated that formal notice letters that patients would receive in the next sixty days will contain information about possible services, Fred Hutch has not yet provided any credit monitoring support to patients. The letters, which will be delivered to patients’ homes, are mandated by the Office of Civil Rights about data breaches.
