Emory Healthcare struck by ransomware attack

Atlanta-based Emory Healthcare was hit by Harak1r1, the 0.2 bitcoin ransomware, MacKeeper security researcher Chris Vickery discovered on Jan. 3.

On Dec. 30, MacKeeper Security Research Center discovered a misconfigured MongoDB database that contained data from over 200,000 patients and other sensitive information. On Jan. 3, the firm confirmed this data was linked to Emory Brain Health Center.

It appeared Harak1r1 wiped a database of the Brain Health Center and blocked access to these records, Vickery said. The database is gone, and in its place is a ransom message asking for 0.2 bitcoin.

The data appeared to be orthopedic and clinic workflow records. All files included names and addresses. Some included emails, birthdates, medical record numbers and cellphone numbers. The timestamps of the files are dated from 2015 to 2016.

These types of files are often used for medical fraud and forging medical bills.

Vickery could not determine if the site was under the control of Emory or a third-party business associate.

Emory's website, however, has not posted about the ransomware attack. Healthcare IT News has reached out to the organization for comment.

The breach is part of a new Harak1r1 campaign that attacks misconfigured MongoDB databases.

Instead of encrypting files, the virus wipes the hacked databases clean. It then takes over databases that are left online without an admin password, BleepingComputer security researcher Catalin Cimpanu said. Researchers first saw the virus in the wild on Dec. 21.

The attacker, Cimpanu explained, appears to have performed a mass scan to find these unprotected MongoDB databases. The attacker then accessed them and held the data for ransom.
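As an added illustration that is not part of the original article, the two mongod.conf fragments below (MongoDB's YAML configuration format; the specific values are assumptions, not Emory's settings) show the exposure the campaign relied on and the corresponding hardening.

```yaml
# Added example, not from the article. Two mongod.conf documents separated by "---".

# WEAK: the configuration the campaign looks for. The server listens on every
# interface and authorization is off, so anyone who can reach TCP/27017 can
# list, read and drop every database without a password.
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: disabled
---
# HARDENED: the server accepts connections only from localhost (substitute a
# private address if the application tier is remote), and every client must
# authenticate as a user with an assigned role before it can read or drop data.
# Create an administrative user in the admin database before turning
# authorization on.
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
```

Because the campaign deletes data rather than encrypting it, access control prevents the next wipe but does not recover the last one; only a backup kept off the database host restores the records.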