New XP95 hacker group targets Dublin recruitment platform Healthdaq


Over the weekend, Northern Irish health trusts were on high alert after the XP95 hacker group claimed to have accessed half a million files.

A recruitment platform used by Northern Ireland’s health trusts has reportedly suffered a cyber attack from the relatively new hacker group XP95, who are claiming they accessed hundreds of thousands of files.

With headquarters in Dublin and offices in Belfast, Toronto and Melbourne, Healthdaq has not yet replied to our request for comment, but BBC NI reported over the weekend that it has seen an email from Healthdaq’s data protection officer, saying it had become aware of unauthorised access to data held on its platform on 30 March, and that the issue had been contained.

“The incident has been identified as a confidentiality breach involving unauthorised access and extraction of data,” BBC NI quoted the email, which said that names, contact details, CVs and forms of government ID could be among the data that was stolen, in some cases even health data.

The cited email went on to warn that the nature of the data stolen meant that there was a risk of misuse, from identity theft to fraud. According to the BBC, the health trusts have warned all staff to be aware of a potential cyber incident and to be extra vigilant.

Healthdaq told The Newsletter in Belfast that the incident had been reported to the “relevant regulatory and law enforcement authorities” including the Garda National Cyber Crime Bureau.

According to threat intelligence firm Red Piranha, the XP95 ransom actor was first observed on March 4, and its first known attack was on Eholo Health, a Spanish mental-health SaaS platform serving over 10,000 psychologists across Spain and Andorra.

“The actor’s BreachForums profile was freshly created at the time of first appearance, with no prior references in threat intelligence reporting linking XP95 to any known organised group or prior campaigns,” said Red Piranha in a threat intelligence report from early March.

“Unlike conventional ransomware operators, XP95 does not deploy encryption malware,” it said. “The group operates a pure exfiltration-and-extortion model: sensitive data is stolen from the victim environment, a proof-of-compromise sample is published on a Tor-hosted Data Leak Site (DLS) and cross-posted to BreachForums, and a ransom demand is issued with a hard payment deadline.”

Should the ransom not be paid, XP95 then threaten to publicly release the stolen dataset for sale. Reporting suggests that Healthdaq has indeed received a ransom request.
