Hacked computer due to cybersecurity weakness

Recent Hospital Breaches Reveal Disturbing New Cybersecurity Trend

Est. Reading Time: 3 Minutes

Key Insights

  • In separate press releases, Leon Medical Centers and Nocona General Hospital reported that bad actors stole thousands of patient records and uploaded them to the dark web in an extortion attempt.
  • These breaches are among the HHS’s report of 28 separate healthcare cybersecurity breaches that occurred in January.
  • The attacks on the hospital systems reveal a frightening new trend in ransomware attacks.


Health records are valuable commodities on the dark web. A patient’s health information can be used to illegally acquire care, prescriptions, medical devices and engage in other nefarious activity. Patient records may also be sold and passed among other malicious users. Last month alone, 28 separate breaches of more than 500 patient records were reported to HHS and added to their list of cases.

COVID-19 has accelerated attacks by hackers on healthcare targets. In 2020, cybersecurity experts saw an 87 percent increase in direct attacks on healthcare organizations during September and October. In addition, as manufacturers rush to distribute the COVID-19 vaccines across the United States, they may leave potential cybersecurity gaps in the supply chain.

Medical Center Breach

In November 2020, bad actors attacked two hospital systems and exposed patient data in an unusual ransomware attack. In a statement on their website, Leon Medical Centers reported that on November 8, 2020, “it was the target of a cybercriminal attack and that portions of our computer were infected with malware.” The next day, they “received confirmation that certain files stored within Leon Medical’s environment that contain personal information had been accessed by the cybercriminals.” Along with other information, Leon Medical believes that the cybercriminals stole “Social Security number, Medicaid number, prescription information, medical and/or clinical information including diagnosis and treatment history, and health insurance information.”

NBC News reported that Leon Medical Centers was not the only target of such an attack; patient healthcare data from Nocona General Hospital was also published “in an apparent attempt to extort them for money.” The hacker group, which is “well known to cybersecurity researchers,” deviated from their typical ransomware attack. These hackers “typically encrypt their victims’ files and demand payment, and it’s rare for them to publicly release such files first.” The motive for releasing the files is unclear.

The Larger Trend of Healthcare Cybersecurity Breaches

The Leon Medical Centers and Nocona General Hospital incidents are examples of how hackers are changing their ransomware demands.

According to the 2020 HIMSS Cybersecurity Survey, phishing remains “the number one type of significant security incident.” Phishing “is highly effective because the recipients of phishing messages are usually unaware of being scammed or deceived.” Ransomware and malware are also significant threats and HIMSS found that “new extortion tactics are being used. If the victim resists paying the ransom, the ransomware operators may leak the stolen data in order to create more duress.” However, in the case of the hospital breaches, the hackers published the stolen data first instead of demanding ransom.

Further compounding the risk of ransomware and other cybersecurity attacks are the continued use of legacy systems, such as Windows 7 and Windows server systems. Legacy systems “typically have known security vulnerabilities that can be relatively easy to exploit” but are “technically difficult and/or prohibitively expensive to rectify.” They often cannot be upgraded because they are “no longer supported by the manufacturer.” Healthcare providers may be hesitant to switch to a more secure system because “a mission critical application may only run on the specific legacy system,” “a legacy device may not function properly unless it is used with a specific legacy operating system,” or “it may not be possible to port the legacy application to a more modern (supported) operating system.” The cost of upgrading may also be a factor in the decision to continue using the legacy system.

It is critical that the healthcare industry continues to improve its security stature. HIMSS advises that healthcare tools be created with cybersecurity in mind to proactively identify and prevent security incidents. Investments in better cybersecurity not only protect patient information but can protect providers from incurring greater expenses down the road.

Subscribe to inforMD to stay up to date on the latest in cybersecurity best practices for independent physicians!

Are you interested in finding out more about PRIVIA+?