Quote:Apex Laboratory, which provides blood work at home for patients in New York City, Long Island and South Florida, has been hit with a ransomware attack that also resulted in patient data being stolen.
Though the company just disclosed the attack, it took place on July 25, when “certain systems in its environment were encrypted and inaccessible,” according to a website notice from last week.
Working with a cybersecurity firm, Apex was able to secure its network and resume operations two days later. But the forensic investigation went on, eventually determining on Dec. 15 that the attackers had posted information on their blog about the attack and claimed to have lifted personal and health information, the company said in a New Year’s Eve notice.
That data includes patient names, dates of birth, test results, and for some individuals, Social Security numbers and phone numbers, Apex said. It was likely taken from Apex’s systems between July 21 and July 25 as part of a “double extortion” attack where criminals not only lock up systems but also exfiltrate data.
“Apex is unaware of any actual or attempted misuse of any information other than the extracting of this data as part of the cyberattack,” the company said. “Apex is in the process of preparing written, mailed notice to impacted individuals for whom it has addresses.” It added that the investigation is still ongoing.
“While the typical ransomware business model involves encrypting data in place and then selling the victim decryption capabilities (aka the ransom), business models always evolve,” Oliver Tavakoli, CTO at Vectra, told Threatpost. “In order to maximize the likelihood of getting a targeted organization to pay such ransoms, attackers may choose to impose multiple types of pain – in this case, the attackers employed both the possible loss of data through encryption as well as the public release of confidential information, thereby getting two bites at the apple. While Apex Laboratory had good enough data backups to overcome the first threat, the second threat was the attacker’s failsafe to still get a ransom.”
Other details were scant on the attack, but Threatpost reached out to Apex for more information on the ransomware gang involved and other data.
Read more: https://threatpost.com/ransomware-gang-d...ab/162721/
![[-]](https://www.geeks.fyi/images/collapse.png)
