In disclosing that its data had been hacked by HelloKitty, an Oregon medical outfit let it slip that the FBI calls them “a Ukrainian hacking group,” the first such revelation concerning the previously mysterious miscreants.
The Oregon Anesthesiology Group (OAG) came under cyber attack in July, with the hackers gaining access to the data of 522 current and former employees and some 750,000 patients. The FBI has since seized a HelloKitty account that contained some of the data, the OAG said in a breach disclosure statement.
An Oregon healthcare group appears to have accidentally revealed in a breach disclosure that the FBI believes that the HelloKitty (FiveHands) ransomware gang operates out of Ukraine https://t.co/pcfbiky8W6
— The Record by Recorded Future (@TheRecord_Media) December 15, 2021
While the statement itself was made public on December 6, it was only noticed by the media on Wednesday, and only because it contained the revelation that the FBI considered the hackers Ukrainian.
According to the cybersecurity publication The Record, none of the earlier alerts about the group, whether by US government organizations or private security companies, contained any hint about the gang’s location.
The HelloKitty ransomware, also known as FiveHands, was first noticed in January this year. Its most notable attack was against the Polish game developer CD Projekt Red – the studio behind ‘The Witcher’ series and ‘Cyberpunk 2077’ – in February.
In the note sent to OAG on October 21, the FBI said the hackers most likely exploited a vulnerability in the third-party firewall to gain access to the network. The ransomware attack reportedly forced OAG to restore their systems from backups and rebuild their entire infrastructure from scratch.
According to OAG, the hackers probably made off with patient names, addresses, appointment dates, medical record numbers, insurance ID numbers, and diagnosis and procedure codes. They also probably accessed current and former employee data, including names, addresses, Social Security numbers and tax data on file.