Data leakage with more than 665,000 medical studies in Argentina

The cybercriminal group D0T CUM, has offered for sale the results of 665,128 medical studies extracted from the provider Informe Médico, which is contracted to 30 clinics, sanatoriums and hospitals in Argentina. The publication has been announced in cybercriminal forums dedicated to trading in sensitive information and leaks. This incident was detected on April 4 by Birmingham Cyber Arms LTD, a dedicated cybersecurity threat intelligence platform.

Informe Médico is a developer of medical image storage and distribution systems, as well as providing other medical management tools. The published studies correspond to different types of medical data ranging from X-ray images, ultrasound scans, CT scans, to general laboratory tests and specific tests, and even cases of studies of a more intimate nature. All these studies include the personal information of the patients and professionals involved.

Once the data has been stolen, the cybercriminal group tried to extort money from the affected entities in exchange for not publishing the stolen data. As the data is medical information, it can have a high market value, as it includes private customer information. Scammers dedicated to social engineering attacks, such as phishing or any type of fraud, are the main buyers of this kind of information.