Cybercriminals from Russia have not only taken the KNVB in Zeist digitally hostage. A Brabant healthcare institution was also recently hacked by the same perpetrator group, according to research by Crimesite. More than 100 gigabytes of confidential data from healthcare institution Sint Joris has been made public. The hackers also threaten to reveal internal information from the football association next week. The publication of the data from Brabant shows that it does not stop at threats. They are now publicly available on the internet.
By means of Vincent Verweij
Sint Joris is a care institution with four branches in Oirschot and the surrounding area. Demented elderly people who need permanent care live there. The organization has an annual turnover of 26 million euros and an equity capital of more than 10 million. This makes them an interesting target for cybercriminals. They try to steal data and then blackmail its owner. If payment is made, the data will remain confidential. But those who refuse to pay will see their data appear on the internet. Ransomware, this form of digital extortion is called.
The Russian ransomware gang Lockbit is considered the most active and successful offender group worldwide. They have been operating since 2019 and have made hundreds of millions through hacks from numerous companies and organizations in the United States, Europe and Asia. On the ‘dark web’, an encrypted part of the internet, they name the companies they are currently blackmailing. And they publish the data of companies that refuse to pay.
On April 17, the data of the Brabant care institution appeared there, according to research by Crimesite. This includes confidential personnel and patient data, internal work instructions and administrative data. Names of residents and their medical conditions are also described. It is remarkable that the data ended up in the hands of hackers, because Sint Joris implemented a major ICT renewal last year, in which everything was migrated to a ‘safe’ cloud environment.
Sint Joris has now published a response on its website. It says that they have been aware of the cyber attack since December 2022. The care institution advises residents and employees to renew their identity documents because of the risk of misuse. It is also unclear how much money the hackers demanded and why the healthcare institution refused to pay. Board chair Hubertina Engels and the client council are unavailable for comment.