Regional Medical Center MacAdroter in Oklahoma, known for its specialized cyber absorption services, has become the latest target of a hacker group known as Karakurt. The group has claimed to have stolen more than 126GB of information, including extensive medical records of customers, and plans to sell them at an auction to the highest bidder.
According to Karakurt, several other medical institutions will also be featured in the “dark fair” in August, as these companies have reportedly abandoned negotiations and will soon be up for auction.
The catch for potential buyers includes at least 40GB of DNA test results. The stolen genetic material has the potential to be used for blackmail and extortion, such as through falsified paternity test results. This could lead to threats of revealing information about genetic predispositions to diseases and serious diagnoses, impacting employment opportunities, insurance premiums, and even social status.
In addition to personal documents, financial and accounting reports and various personnel documents were also leaked in this breach.
“Another medical center that doesn’t care about the data of its patients,” stated the attackers. “40GB of data on DNA tests is a bonus! Stay with us.”
Representatives of Regional Medical Center MacAdroter have not yet issued any public statements regarding the breach. The hospital, located southeast of Oklahoma City, operates round the clock and offers more than 20 types of services, generating an income of nearly $250 million.
Another victim of the Karakurt group is Regional Family Medicine, a primary medical care organization based in Arkansas. Karakurt claims to have stolen more than 5GB of SQL employees’ data, including social insurance numbers, medical reports, bank statements, accounts, and other important documents.
Previously, the Karakurt group, also known as Karakurt Team or Karakurt Lair, was identified by the Cybersecurity and Infrastructure Security Agency (CISA) in a bulletin released in June 2022. The hackers often publicize their leaks without actually encrypting the infected devices or files.
Karakurt employs different tactics, such as annoying mailings, letters, and phone calls to victims, employees, business partners, and clients. The ransom demands have ranged from $25,000 to $13 million in Bitcoin, with payment terms established one week after initial contact with the victim.