16. 05. 2024
Mirko Ioris
SOCnews
SOC News | May 16 – Data stolen from SYNLAB published on the Dark Web
SYNLAB, European leader in medical diagnostic services, was the victim of a cyber attack last April. The compromised infrastructure is the one that runs Italians clinics only, other countries were not affected. In early May, ransomware group BlackBasta claimed responsibility for the attack, saying it had stolen 1.5TB of sensitive medical data from Italian citizens. They demanded a ransom, threatening to publish the confidential data on their Dedicated Leak Site (DLS). The ransom wasn’t paid, and on the afternoon of 13 May, BlackBasta published the entire leak on the dark web.
According to what the DLS says, almost 9000 different people accessed these data (last update: May 23). Inside the leak are PDFs of medical exams, patient IDs, Excel spreadsheets, employees Word documents, and much more. This information can be used by threat actors for identity theft, user impersonation, spear-phishing or scam campaigns, and other attacks.
If you were a Synlab customer, your data may have been included in the breach and it’s advisable to be on the lookout for any potential phishing, smishing or vishing attempts that may happen to you in the near future.
Mirko Ioris
Technical Consultant - Cyber Security Team | Würth Phoenix
Author
