The notorious ransomware group, LockBit, has recently declared its intentions to disclose the private medical data of cancer patients. This announcement comes after their alleged cyber-attack on Varian Medical Systems, a prominent healthcare firm that specializes in software for oncology applications.
Varian Medical Systems, a subsidiary of Siemens Healthineers, plays a crucial role in the healthcare sector, especially in the oncology domain. The potential leak of sensitive patient data could have severe repercussions on patient privacy and the company's reputation. The ransomware gang has set a deadline for Varian, demanding negotiations by August 17, 2023, to prevent the publication of the stolen data on LockBit's dedicated blog.
LockBit's message on its TOR leak site is clear and threatening: "ALL DATABASES AND PATIENT DATA WAS EXFILTRATED AND PREPARED TO BE PUBLISHED ON THE BLOG." The group has explicitly stated that if Varian does not initiate negotiations to recover the stolen data by the given deadline, they will proceed with the data leak.
This isn't the first time a Siemens subsidiary has faced a cyber threat. In the past four months, the broader Siemens group has been targeted in two other significant incidents. In April, Siemens Metaverse experienced a data breach where sensitive information, including office plans and IoT devices, was exposed due to inadequate security measures. In June, another ransomware group, Cl0p, infiltrated Siemens Energy. However, Siemens Energy reported that no critical data had been compromised in that incident.
The looming threat from LockBit puts immense pressure on Varian Medical Systems to take swift action, either by negotiating with the cybercriminals or by implementing countermeasures to limit the exposure of the stolen data. The healthcare sector, already grappling with challenges posed by the pandemic, now faces an added layer of cyber threats that could jeopardize patient trust and corporate integrity.