Texas-based Methodist McKinney Hospital has been threatened by the Karakurt hacking group to have information regarding data stolen from its servers, according to CBS News.
Karakurt hackers have claimed exfiltrating 360GB of files from Methodist McKinney, as well as two of its surgical centers, including patient cards, prescription scans, invoices, accounting, contracts, and financial documents.
Cybersecurity experts have praised Methodist McKinney's decision not to pay the ransom demanded by Karakurt.
"I think it was absolutely the right call. Had the hospital paid, it had no guarantees that the data would have been deleted," said Emsisoft Threat Analyst Brett Callow.
However, the incident should prompt healthcare providers to strengthen their defenses, with data breaches already having impacted more than 50 hospitals across the U.S. so far this year.
"They absolutely need to do more. Most attacks like this are preventable; they occur because of security weaknesses," said cybersecurity expert Andrew Sternke.
California's Tahoma County may have had its employees', service recipients', and affiliates' personally identifiable information compromised following a data breach of systems belonging to its Department of Social Services, which was identified on April 9 but was found to have occurred from Nov. 18, 2021 to April 9, 2022, according to SecurityWeek.