HMR Drug Testing Company Sending out Data Breach Alerts after Ransomware Attack
The Maze ransomware group attacked the systems of Hammersmith Medicines Research (HMR) on March 14, 2020. The attackers published the personal details of thousands of the former company patients after the organization declined the ransom demand.
The company carried out tests developing toward an Ebola vaccine, as well as drugs that treat Alzheimer's disease, and early clinical trials of vaccines and drugs for other health issues. The cybercriminals published the HMR files a day after they made a promise to stay away from attacking medical organizations during the COVID-19 pandemic.
HMR shared an alert warning their volunteers about a severe attack that happened on March 14, but were unable to stop it and restore computer systems and emails by the end of the day. They managed to repel the attack and to restore functions with no downtime, according to HMR managing and clinical director Malcolm Boyce.
The attackers published a notice on a website, claiming they had attacked the company with ransomware on March 14, 2020. They later put more pressure on HMR by publishing sensitive medical and personal information on thousands of their former patients online. The files contained information dating back 8 to 20 years, with copies of passports, driver's licenses, medical questionnaires, and national insurance numbers for more than 2300 patients.
Table of Contents
The Ransom Demand
Boyce mentioned the hackers sent the company medical files containing details of people who took part in clinical trials while traveling and would be difficult to track down. He mentioned they had no way of contacting them since they were likely back to their country of origin. He also stated they were aware of the hackers releasing more records on the internet, but he had not seen their content. Boyce also stated they have no intention of paying, that they'd instead go out of business than paying a ransom.
Maze Breaks Promise not to Attack Hospitals
The Maze group, which was first spotted in May 2019, extorts victims by focusing on ransomware attacks on organizations. They increased their efforts by sharing the names of companies who declined the ransom demands, meanwhile publishing stolen data to set an example to those who plan on doing the same.
The group made what amounts to a press release on March 18 not to attack any medical organizations during the pandemic. Their answer to the pandemic was to give discounts to anyone infected by their product. They were claiming they will stop activity 'versus all kinds of medical organizations until the stabilization of the situation with the virus.'
Maze Removes the Leaked Documents
Following media coverage, the Maze ransomware group decided to remove the sensitive HMR medical files from their website. The group later released another statement claiming they had attacked HMR before their public promise not to attack institutions, though they didn't mention why they published the data after their promise.
Maze's statement mentioned that security professionals weren't doing their jobs, throwing caustic remarks regarding their work habits and procrastination. The group claimed companies were earning billions of dollars but didn't care about protecting user privacy.
The Maze group said they want to show the system is unreliable, with weak cybersecurity. They claim the people who care about information security are unreliable, that they don't care about the users. Then they went on to compare their actions to those of Julian Assange and Edward Snowden, meanwhile threatening with further attacks.