The RansomHouse hackers, who attacked the systems of the ClÃnic hospital on March 5, have made public a new exfiltration of part of the 4.5 gigabytes of data that they stole from this hospital.
Among the documents there is an Excel document without any type of protection that contains at least dozens of usernames and passwords to access clinical trials, results and diagnostic images, which are also perfectly identified. In addition, the chosen passwords are not very secure, since almost all of them consist of the same word and only the final two digits vary.
According to a cybersecurity expert consulted – and who prefers to remain anonymous – this new leak of information “is more serious for what it shows than for what it contains. At this point the hospital has already changed, surely, the users and the passwords and will have installed a password manager, but what is clear is that they had abandoned the hand of God and neglected the protection of sensitive information â€.
In this new installment, the hackers also display digitized signatures of doctors with their names and their corresponding collegiate numbers, so that anyone who gets hold of this information can falsify a prescription to get hold of any type of medication. Other documents are the recordings of Zoom meetings of different hospital teams.
On this occasion, another novelty of this new leak is the method offered by RansomHouse to distribute the stolen data. In addition to publishing, as up to now, a link to download them on their website -under attack by the Mossos since April 4-, the hackers have announced on their Telegram channel that they are now also available on IPFS (Interplanetary File System , for its acronym in English). It is an untraceable file distribution system that can be accessed with any torrent client (a system that fragments files into small parts and distributes them in different locations) with the ability to search IPFS, since both protocols store quite a few similarities.
Access to IPFS was censored by Spanish internet operators on September 25, 2017, since it was one of the resources believed to be being used by the organizers of the referendum in Catalonia on October 1 of that same year, but in the Currently there is no type of restriction to access this class of files.
