Hackers leak data from medical company set to carry out COVID-19 vaccine trials
Data from a medical research company that is set to carry out trials of a possible vaccine for COVID-19 has been published online after the company refused to pay up following a ransomware attack.
Hammersmith Medicines Research Ltd. was targeted March 14 by the Maze ransomware group in an attack that locked down its systems.
The company, which carried out tests to develop the Ebola vaccine and drugs to treat Alzheimer’s disease, carries out early clinical trials of drugs and vaccines. The company said that it repelled the attack and restored all functions.
Computer Weekly reported today that the Maze hacking group started to publish historic sensitive medical and personal information about thousands of former patients in an attempt to extort the company for payment. The data includes medical questionnaires, copies of passports, driving licenses and national insurance numbers of more than 2,300 of the organization’s patients.
Despite some reports that some cybercriminals have been encouraging others to behave during the COVID-19 pandemic, that isn’t the case here. The Maze group claimed on Wednesday that it would not attack any healthcare organizations during the pandemic, a promise that at best lasted three days.
As the pandemic continues to claim more victims, those on cruise ships have been particularly hard-hit, with thousands stranded as countries close their borders. Norwegian Cruise Lines was targeted by hackers March 13. Data stolen included clear text passwords and email addresses used to log in to the Norwegian Cruise Line travel agent portal by agents working for companies such as Virgin Holidays and TUI.
“Norwegian Cruise Line experienced a credential dump and while on the one hand, we unfortunately see credential dumps occurring on practically a weekly basis, it does also mean that we are well aware of many best practices that Norwegian and others can implement to minimize further damage and prevent this from happening in the future,” James Carder, chief security officer and vice president of security from LogRhythm Inc., told SiliconANGLE.
“The first step — which Norwegian has already recommended — is for all of its agents to change their portal passwords, as well as any other passwords they’ve been using to access multiple applications,” Carder added. “Right now, the biggest risk is what else the attackers are able to access with this credential dump, given that so many people still practice poor password hygiene and use the same one across multiple systems — whether they’re for business or personal use. So getting everyone to change their passwords is an easy way to prevent potential exposure of other sensitive data.”
Finally, he said, Norwegian should also ensure they implement monitoring and detection controls for their portal, systems and applications — especially those that are internet-accessible. “This will make it easier to automatically identify suspicious activity and remediate potential threats quickly,” he said.