Baystate Medical Center reportedly suffered a data breach possibly impacting 12,000 patients. The Springfield, Mass.-based hospital told patients that between Feb. 7 and March 7, 2018, several employee email accounts were compromised after a worker was victimized by a phishing scheme, giving an unauthorized person access to their accounts. Baystate said the accounts were quickly locked down, but not before certain patient information was exposed. This included patient names and dates of birth, health information (such as diagnoses, treatment information and medications), and in some instances health insurance information, Medicare numbers and Social Security numbers.
Baystate said its medical record database was not accessed and the hospital does not believe the compromised information has been used. "This incident did not affect all Baystate patients, and we have no indication that any patient information was actually acquired or viewed, or that it has been misused," hospital officials said in a release. Masslive.com reported that 12,000 patients were affected.
Initial compromise has been followed with either malicious JavaScript code injections for credential theft, LocalOlive web shell delivery for further payload retrieval, or remote access software distribution for additional compromise.
Sandworm, also known as APT44, Seashell Blizzard, and UAC-0113, launched numerous malware intrusions as part of the campaign, the most recent of which involved the distribution of a fake KMS activation tool containing the BACKORDER malware loader that facilitated DarkCrystal RAT delivery following Windows Defender deactivation, according to an EclecticIQ analysis.
Intrusions involved the distribution of an obfuscated backdoor in the guise of a GTM and Google Analytics script for web analytics and advertising, which, when executed from a Magento database table, facilitates the exfiltration of credit card details, according to a report from Sucuri.