Tens of thousands of patient records stolen from two hospital chains have been published on the dark web, the shady corner of the internet where illicit goods are sold.

The records were stolen from Leon Medical Centers, which serves eight locations in Miami, Florida and Nocona General Hospital, which has three locations in Texas, according to a report Friday on NBC News. The stolen data is said to include at least tens of thousands of scanned diagnostic results and letters to insurers that include personally identifiable information such as names, addresses and birthdates.

In the case of the data from Leon Medical Centers, the data was stolen in a ransomware attack in November that was officially announced by the hospital in January.

A report from HIPAA Journal Dec. 29 said Leon Medical had been struck with Conti ransomware and that those behind the attack demanded a ransom payment in return for a decryption key and a promise not to publish stolen records. Those behind the attack claim to have stolen personal health information relating to more than 1 million patients, although Leon Medical Centers denied the figure, calling it grossly overstated.

Conti ransomware was in the news at around the same time Leon Medical Centers is said to have hit. Industrial computer manufacturer Advantech Co. Ltd. was reported to have been struck by Conti ransomware Nov. 19, while Canadian voice over IP hardware and software maker Sangoma Technologies Corp. disclosed a Conti ransomware attack late December.

How the data was stolen from Nocona General Hospital, however, appears to be a mystery. In stark contrast to Leon Medical Centers, Nocona has not published a breach disclosure on its website. Texomas reported that an attorney for the hospital chain told NBC Nocona that the company was not a victim of ransomware.

“The unfortunate reality of any cyberattack on a healthcare system is that the data obtained is some of the most personal information available,” Tim Mackey, principal security strategist at Synopsys Inc.’s Cybersecurity Research Center, told SiliconANGLE. “Cybercriminals know this and fully expect that their ransom demands will be met in one form or another. As a result, patients of either medical system should be on guard for very targeted spam emails or robocalls.”

People need to be wary of any unsolicited or unexpected calls, particularly if demands for payment are involved, Mackey added. “In the event anyone receives such a call, they should immediately hang up and call their provider directly,” he advised. “If the call was legitimate, then at worst you wait on hold. If the call was from a scammer, you’ll have saved yourself significant grief and you shouldn’t be afraid of calling your local police department and reporting it.”

As for the chief information security officers of hospital systems, he said it’s important to review threat models and defensive measures constantly. “I hope that the attack vectors used in this attack are fully disclosed,” he said. “Doing so would allow everyone to recognize whether their defenses were prone to a similar attack.”

Photo: Leon Medical Centers