Data from a medical research company that is set to carry out trials of a possible vaccine for COVID-19 has been published online after the company refused to pay up following a ransomware attack.

Hammersmith Medicines Research Ltd. was targeted by the Maze ransomware group March 14 that locked down its systems.

The company, which carried out tests to develop the Ebola vaccine and drugs to treat Alzheimer’s disease, carries out early clinical trials of drugs and vaccines. The company said that it repelled the attack and restored all functions.

Computer Weekly reported today that the Maze hacking group started to publish historic sensitive medical and personal information about thousands of former patients in an attempt to extort the company for payment. The data includes medical questionnaires, copies of passports, driving licenses and national insurance numbers of more than 2,300 of the organization’s patients.

Despite some reports that some cybercriminals have been encouraging others to behave during the COVID-19 pandemic, that isn’t the case here. The Maze group claimed on Wednesday that it would not attack any healthcare organizations during the pandemic, a promise that at best lasted three days.

As the pandemic continues to claim more victims, those on cruise ships have been particularly hard-hit, with thousands stranded as countries close their borders. Norwegian Cruise Lines was targeted by hackers March 13. Data stolen included clear text passwords and email addresses used to log in to the Norwegian Cruise Line travel agent portal by agents working for companies such as Virgin Holidays and TUI.

“Norwegian Cruise Line experienced a credential dump and while on the one hand, we unfortunately see credential dumps occurring on practically a weekly basis, it does also mean that we are well aware of many best practices that Norwegian and others can implement to minimize further damage and prevent this from happening in the future,” James Carder, chief security officer and vice president of security form LogRhythm Inc., told SiliconANGLE.

‘The first step — which Norwegian has already recommended — is for all of its agents to change their portal passwords, as well as any other passwords they’ve been using to access multiple applications, ” Carder added. “Right now, the biggest risk is what else the attackers are able to access with this credential dump, given that so many people still practice poor password hygiene and use the same one across multiple systems — whether they’re for business or personal use. So getting everyone to change their passwords is an easy way to prevent potential exposure of other sensitive data.”

Finally, he said, Norwegian should also ensure they implement monitoring and detection controls for their portal, systems and applications — especially those that are internet-accessible. “This will make it easier to automatically identify suspicious activity and remediate potential threats quickly,” he said.

Photo: Hammersmith Medicines Research/LinkedIn