A recent cyberattack has targeted the Baim Institute for Clinical Research, a prominent non-profit academic research organization based in Boston.

The ransomware group “RansomHub” has claimed responsibility for the breach, stating that they have leaked 175 GB of sensitive data.

On July 3, 2024, RansomHub announced its successful infiltration of the institute’s systems. They published a statement on their dark web urging the institute to contact them to prevent data leakage, along with a deadline for the ransom payment. RansomHub released portions of the stolen data online when the institute failed to meet the deadline. Safety Detective’s cybersecurity team confirmed the authenticity of the leaked data, which includes:

Buy Me a Coffee
  • PDFs of clinical trials programs.
  • .xlsx invoices tracking files from 2019 to March 2024, showing sponsors, projects, doctors’ names, and rates.
  • .msg files containing email chains about a mortality analysis of a clinical trial with doctors’ names and email addresses.
  • .xlsx files detailing billing information and revenues for various pharmaceutical companies.
  • Study access request forms displaying employee full names, email addresses, and phone numbers.
  • .xlsx files under “Mortality analysis” with patient information including nationality, age, gender, study IDs, details of medical incidents, and their relation to the clinical trial.

The exposure of this data compromises the privacy and security of the individuals involved, posing risks like targeted phishing attacks and identity theft. It could also tarnish the Baim Institute’s reputation and result in legal repercussions if patients’ Protected Health Information (PHI) was compromised, although the reviewed sample did not confirm this.

READ
‘Disable Admin Notices Individually’ Plugin Exposes 100,000+ Sites to Risk

If you suspect that your personal information was compromised in the ransomware attack take these immediate steps to protect yourself:

  1. Contact your healthcare provider: If you suspect your health data was exposed in a breach, let your healthcare provider know immediately. Make sure to regularly monitor your health records with them for any unauthorized changes or activities that could indicate misuse of your personal health information.
  2. Stay informed: Stay informed about the breach and the specific types of data that may have been compromised. Understanding what information has been exposed can help you assess the potential risks.
  3. Verify requests: If you receive an email or message requesting sensitive information or prompting you to click on a link, verify the authenticity of the sender before taking any action.
  4. Seek legal advice: Consult experts in data privacy and cybersecurity laws to understand your obligations under regulations like GDPR or HIPAA and assess potential liabilities arising from the breach.

By taking these steps, you can significantly reduce the risk of further harm and protect your personal information from being misused. Stay vigilant and proactive in safeguarding your digital identity.