News Feature | August 30, 2016

Sale Of PilotFish's Database On Dark Web Could Compromise HIT Clients

Source: Connection

By Christine Kern, contributing writer

Risks for healthcare providers are at an alarming level.

Not only are cyber criminals managing to infiltrate EHR systems and leverage compromised data for extortion and ransom, they are also accomplishing “substantial infiltration” of peripheral systems, according to InfoArmor research. Most recently, a threat actor identified as “batwhatman” claimed to have the source code of PilotFish Technology — a healthcare software vendor — up for sale on the Dark Web.

The threat actor may have compromised a corporate SVN server and stolen the source code of multiple applications written in Java, according to a report by the security firm. The information was made available for sale on AlphaBay, an underground marketplace actively used by cybercriminals to exchange a wide range of illegal goods and services, including stolen digital data. PilotFish develops middleware to integrate disparate systems and support medical devices with HL7 features.

Analysis showed that most of the users were extracted from the customer licensing system, including healthcare organizations that use PilotFish software. The cybercriminals accessed the customer database to steal records and information, including customer credentials, regarding specific clients of PilotFish.

The breached database contains 1,787 different companies from the U.S., Canada, Australia, China, and Europe. “This is clearly a risk to users of PilotFish Technology software, particularly within the Healthcare industry, and should raise significant concerns regarding the potential associated with third party providers being targeted by cyber criminals,” InfoArmor officials say.

Last month, CSO Online reported TheDarkOverLord had breached 10 million patient records and was extorting victims for money. TheDarkOverLord claimed to have accessed Social Security numbers, phone numbers, and addresses of millions of patients, all valuable information for identity thieves. InfoArmor reported the stolen data was real but would not comment further on the breach.

“As demand for new systems and technology accelerates, this growth will also increase the threat of cyber-attack as cyber criminals continue to look for ways to exploit this growth for their own gain,” the InfoArmor report authors added. “As new systems are adopted, attack surfaces grow and new threat vectors emerge, fueling cyber-crime.”

Andrew Komarov, chief intelligence officer for InfoArmor, said, “The next steps for PilotFish should start with notifying their customers about the data breach and securing source codes in order to avoid any tampering and malware distribution. Then, to revoke possibly compromised digital certificates in order to avoid malware code signing, using their brand.”