Hackers Threaten Cancer Center Patients in Washington Following Data Breach

The threatening emails said 800,000 patients had their names, Social Security numbers, addresses, phone numbers, medical histories, lab results, and insurance histories stolen.

Hackers Threaten Cancer Center Patients in Washington Following Data Breach

(Photo: arrow, Adobe Stock)

Seattle, Washington – Some current and former patients who were treated at the Fred Hutchinson Cancer Center and the University of Washington (UW) have started to receive threatening emails from hackers following the November 19 data breach against the UW healthcare facilities.

Last month, hackers hit a portion of the Seattle healthcare facility’s network. The center said the breach may have led to the leakage of some patient data, reports the Seattle Times. Within 72 hours, Fred Hutchinson took its clinical network offline, notified the FBI, hired a security firm to investigate the incident, added “defensive tools” and increased data monitoring. However, it didn’t offer credit monitoring to the patients whose data was stolen. Rather, it advised victims to monitor their credit.

This week, some former and current patients started receiving email messages directly from the hackers, threatening to leak their personal information if they don’t pay up, reports MyNorthwest. The message received by one victim said, “Your private date and medical history is being sold on dark net markets.”

The message also said 800,000 patients had their names, Social Security numbers, addresses, phone numbers, medical histories, lab results, and insurance histories stolen.

The email asked the victim for $50 to scrub his information from the dark web.

Fred Hutchinson Cancer Center is advising victims who received these emails to not pay the ransom and to contact the FBI’s Internet Crime Complain Center. It also advised victims to then block the sender and delete the message.

The data breach has prompted the filing of a class action lawsuit against the Fred Hutchinson Cancer Center, University of Washington School of Medicine, UW Medical Center, and others by Turke & Strauss LLP, based in Madison, Wisconsin. The suit says the defendants didn’t provide security to stop “a flood of extortionary threats by cybercriminals to defendants’ current and former patients,” reports KOMO.

Fred Hutchinson wasn’t the only healthcare facility whose network fell victim to a cyber attack in mid- or late November. Hospital emergency rooms in several states were forced to divert emergency vehicles to other facilities due to a slew of cybersecurity incidents on Thanksgiving Day. The affected hospitals were in Texas, Idaho, New Jersey, Kansas, Oklahoma, Tennessee, and New Mexico.

In response to the data breach, Fred Hutchinson released the following press release:

Notice of information security incident involving Fred Hutchinson Cancer Center

All clinics remain open while investigation remains ongoing

SEATTLE – DECEMBER 1, 2023 – Fred Hutchinson Cancer Center today announced the detection of unauthorized activity on limited parts of the Center’s clinical network. Upon learning of the situation, Fred Hutch took immediate action to quarantine the servers and contain the impact of the incident, including proactively taking their clinical network offline. Fred Hutch promptly notified federal law enforcement and retained a leading forensic security firm to further investigate the incident.

All Fred Hutch clinics remain open and actively serving patients as the investigation continues.

Fred Hutch is committed to the safety, wellbeing, and safeguarding of patient and employee information and is continuously updating and enhancing systems to prevent external parties from accessing information. We have implemented additional defensive tools and increased monitoring to further protect data.

Fred Hutch is working to complete the investigation as quickly as possible and will contact any individuals whose information was involved. As a precautionary measure, Fred Hutch recommends individuals remain vigilant to protect against potential fraud and/or identity theft by reviewing account statements, monitoring credit reports, and notifying financial institutions of any potential suspicious activity. Individuals may also wish to review the tips provided by the Federal Trade Commission (or FTC) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft.

For more information and to contact the FTC, please visit  https://www.identitytheft.gov/#/ or call 1-877-ID-THEFT (1-877-438-4338). You may also contact the FTC at Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

Additional information can be found on Fred Hutch’s dedicated webpage, or those impacted can contact the call center for support at 1-888-983-0612.

Media Contact:

media@fredhutch.org

206-667-2210

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author

robin hattersley headshot
Contact:

Robin has been covering the security and campus law enforcement industries since 1998 and is a specialist in school, university and hospital security, public safety and emergency management, as well as emerging technologies and systems integration. She joined CS in 2005 and has authored award-winning editorial on campus law enforcement and security funding, officer recruitment and retention, access control, IP video, network integration, event management, crime trends, the Clery Act, Title IX compliance, sexual assault, dating abuse, emergency communications, incident management software and more. Robin has been featured on national and local media outlets and was formerly associate editor for the trade publication Security Sales & Integration. She obtained her undergraduate degree in history from California State University, Long Beach.

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety HQ