MedStealer malware has stolen 276 million patient records.
It is unfortunate that cybercriminals are driven by financial gain, with little regard for the impact on others. This is evident in recent attacks on organizations like the New York Blood Center and U.S. hospitals, as well as warnings from the FBI about the risks posed by medical equipment hackers. A new threat has emerged with the theft of 276 million patient records in 2024, known as the MedStealer malware. Here’s what you need to know about this healthcare data-stealing campaign.
Patient Records Are Prime Cybercrime Targets
Healthcare remains a major target for data hackers, with nearly a quarter of all data breaches in 2024 occurring in this sector. The value of stolen healthcare data on the dark web can reach up to $1000 per record, making it a lucrative target for cybercriminals.
A report by HIPPA Journal revealed that healthcare attacks in 2024 led to a massive 276 million breached records. A recent report by Check Point has raised concerns about a new healthcare-focused attack aiming to steal sensitive employee and consumer data.
The Fake Doctor Is In And Wants Your Patient Records
In a recent healthcare phishing campaign, threat actors are using images of real doctors with fake names to deceive victims. The campaign targets individuals in the U.S., urging them to contact the listed health services provider. If successful, the stolen healthcare data could be used for extortion, blackmail, or fraudulent medical services.
Check Point recommends organizations to implement email filtering solutions, educate employees about impersonation attempts, and establish phishing monitoring and response protocols.