2 min read

Hackers release healthcare data in double extortion attacks

Sara Nguyen November 16, 2020

Healthcare cybersecurity news
Hooded figure with face obscured by glowing green binary code
Hacker in hooded jacket with binary code overlay on face and torso REvil, Netwalker, and Conti ransomware hackers recently shared stolen protected health information (PHI) from three separate healthcare cyberattacks on the dark web. They didn’t release the entire data collection because they are conducting a double extortion attack. This initial data leak is a strategy to get victims to comply with their demands. By releasing part of the data, the criminals hope to force victims to pay a ransom to prevent further data leaks or stop data from being put up for auction.  If the victims do pay, the criminals say they will return the data. But they run the risk of the hackers not returning all of it or asking for even more money.

What happened?

Three different ransomware attacks caused massive data breaches for healthcare providers. Hackers have released some of the stolen information to the dark web to extort victims for money.
  • Beacon Health Solutions: REvil published 600 GB of this healthcare business associate’s sensitive information. The hackers have scheduled ten more leaks, each with 60 GB of data, possibly including Social Security numbers, bank documents, and other personal details.
  • Wilmington Surgical Associates: NetWalker claims to have stolen more than 13 GB of data from the North Carolina specialist, including thousands of documents containing sensitive information. They haven’t released the data but did post file names as proof they have it.
  • Riverside Community Care: The hackers behind Conti ransomware posted sensitive files of drivers’ licenses, incident reports, and employee information from the Massachusetts provider.
SEE MORE: Netwalker Ransomware Hits Philadelphia Healthcare Firm

 

What to know about double extortion

One of the most significant consequences of having your network compromised is the inability to run your day-to-day healthcare operations. You can remedy this by having a business continuity plan in place. But what you can’t prevent is cybercriminals releasing data to the dark web after it is taken. SEE MORE: Global Surges in Ransomware Attacks in Q3 2020 Hackers commonly encrypt stolen data and only unencrypt it in exchange for money. If they want to ensure they get paid, they use the double extortion method.  Double extortion involves threatening to release data on the dark web if the victim does not pay a ransom. However, paying a ransom is risky because hackers may turn around and ask for more money or not meet their end of the deal. It’s a lose-lose situation for healthcare providers that might already be facing a HIPAA violation for the data breach. They may have to pay a massive fine with a potentially costly corrective action plan . SEE MORE: The Costs of Ransomware Attacks

 

How ransomware gets into your system

Ransomware attacks most commonly find their way into a network system from one of three entry points: While patching vulnerabilities and routine monitoring can protect your IT system, human error may end up being your most prominent threat for a ransomware attack. SEE MORE: Hacking and Human Error: Two Enemies of HIPAA Compliance Hackers have taken advantage of the panic surrounding the pandemic and have increased ransomware phishing email attacks. A simple click is all they need to enter your network and launch a double extortion attack.

 

How to avoid double extortion attacks

The best way to avoid double extortion attacks is to build strong safeguards that prevent hackers from entering your network in the first place.  First, educate your employees on phishing. Employee training on HIPAA compliance and the need for constant vigilance against cyberattacks makes a huge difference. SEE MORE: Why Investing in Ongoing Cybersecurity Training is Good Business Second, take the guesswork away from your employees as much as possible. In addition to enabling you to send HIPAA compliant email by default, Paubox Email Suite Plus provides robust inbound security tools to stop email threats from reaching a user’s inbox and protects you from receiving spam , viruses , ransomware, and phishing emails. Paubox blocks threats before they become a huge problem for your network system. Investing in a strong security system is much cheaper than paying a cybercriminal’s ransom HIPAA fines.  
 
Try Paubox Email Suite Plus for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Stethoscope on a medical clipboard

How do SASE and ZTA work together to enhance healthcare cybersecurity?

Picture of Tshedimoso Makhene Tshedimoso Makhene : November 20, 2025

Remote healthcare, telemedicine visits, home monitoring, and field staff accessing cloud-based EHRs are no small projects or special cases. These...

Healthcare cybersecurity news
Read More
Image of a clipboard with a stethascope on top of it.

How MSSPs can help your healthcare IT

Lusanda Molefe : August 22, 2025

Healthcare organizations suffered over 3,900 data breaches between 2005 and 2019, exposing 249 million patient records, according to a study...

Healthcare cybersecurity news
Read More
u.s. department of health and human services logo

Summary of the HHS cybersecurity planning document

Picture of Liyanda Tembani Liyanda Tembani : December 27, 2023

The United States Department of Health and Human Services (HHS) released a document in December 2023, outlining a strategic plan to bolster...

HIPAA compliance Healthcare cybersecurity news
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.