Another day, another data breach at a healthcare facility. This time, it’s the Texas Tech University Health Sciences Center (as well as the El Paso division) that has announced they fell victim to a cyberattack back in September.
The September attack disrupted computer systems and applications while “potentially” exposing the combined data of 1.4 million patients including full names, birth dates, physical addresses, Social Security numbers, drivers licenses, government ID numbers, financial account information, health insurance information, medical information, billing or claims data, and diagnosis and treatment information according to a data breach notice released by the Texas Tech University Health Sciences Center.
A month after the hackers got access to the system, the Interlock ransomware gang claimed responsibility for the attack; the threat actors have also leaked a total of 2.6 TB of data allegedly stolen from the HSCs to their extortion portal on the dark web where it is available for download.
Interlock is a ransomware operation that is relatively recent and has distinguished itself for using an encryptor targeting FreeBSD servers along with a Windows variant. Interlock usually demands ransom amounts ranging from hundreds of thousands to millions of dollars depending on the size of the organization according to Bleeping Computer.
Patients who are confirmed to be impacted should be contacted by the university's health and sciences center in order to offer them free credit monitoring services. Those who have had their data compromised by this cyberattack can also contact the toll free dedicated assistance line at 1-866-902-1996.
How to stay safe after a data breach
The HSCs encourages patients to “remain vigilant against potential phishing and social engineering attacks, monitor their credit reports and health insurance billing statements and report any suspicious activity to the authorities.”
The best way to stay safe against phishing is to avoid clicking on any email or message from an unknown sender. Also, make sure you know the policies for your company and double check the sender’s email address: Is this a regular known source or person? Make sure all your devices, including your mobile devices, are protected against malware and threats. We have recommendations for the best Android antivirus apps, but because of Apple’s restrictions there’s no equivalent for the best iPhones.
In order to protect yourself against most common social engineering attacks, it’s always best to be wary of being approached through social media or by contacts offering opportunities or links. Always be diligent about unexpected links, attachments and never open anything from someone you don’t know or are not expecting. If you receive a link or attachment, contact the sender and ask if they’ve sent it and why. And of course, make sure you’re using one of the best antivirus software options available, that it’s kept current and up-to-date and that it has one of the best VPNs with browser-level privacy protection included.
We've seen one data breach after another so far this month which is why you need to be extra careful online ahead of the holidays.
