UAE-based Moorfields Eye Hospitals has confirmed a cybersecurity incident after a ransomware group was seen threatening to leak the stolen data.
Moorfields Eye Hospitals in the UAE is a branch of Moorfields London, part of Britain’s National Health Service (NHS).
As of yesterday, as observed by Security Report, the Moorfields Hospitals UAE website shows the following message:
“Moorfields Dubai has recently been the subject of an IT security incident on one of its servers.”
“We are undertaking an urgent thorough investigation, led by a leading cybersecurity specialist agency, to ascertain what information could have been accessed.”
Patient appointments are expected to go on as normal.
“We continue to offer our full range of services and we advise all patients to attend their appointments as scheduled,” states the notice.
AvosLocker claims responsibility for the attack
As of August 15th, 2021, ransomware group AvosLocker has claimed responsibility for the attack on Moorfields on its leak site.
AvosLocker also states they have obtained 60 GB of proprietary data, including patient information, that they will leak if the ransom demand is not met.
As seen by Security Report, the samples AvosLocker has posted as proof include:
- Copies of ID cards, passports and travel documents
- Insurance claim forms
- Accounting documents, such as aged trial balances
- Hospital call logs
- Internal memos
AvosLocker is known for infecting Windows machines, encrypting files and appending a “.avos” extension to them.
Typically, the ransomware group uses spam emails or misleading advertisements as the primary delivery mechanisms for the malware. To encrypt data, AvosLocker employs a customized version of the Advanced Encryption Standard (AES) algorithm with block size 256, according to cybersecurity firm Cyble.
With recent cyberattacks on healthcare facilities, some of which have even led to loss of life, ransomware groups now pose an ever-increasing risk to critical infrastructure.
Moorfields UAE is already in the process of notifying the affected patients. Those who are concerned they might be affected can also email firstname.lastname@example.org.