
How a Novel Legal Maneuver Got a Hospital's Stolen Data Back

Healthcare Attorney and Bioethicist David Hoffman on Battle Against Cybercriminals
David Hoffman, attorney and general counsel, Claxton-Hepburn Medical Center

The ubiquity and anonymity of cryptocurrencies are fueling economic, legal and ethical challenges that put healthcare entities in the crosshairs of cybercriminals, said David Hoffman, general counsel of Claxton-Hepburn Medical Center, which recently filed a lawsuit against ransomware gang LockBit.

"I'm frankly enraged that as a global society we have endorsed and, in fact, promoted the availability of anonymity in cyber currency transactions," he said in an interview with Information Security Media Group.

"For generations, numbered anonymous Swiss bank accounts were the pre-electronic revolution means of engaging in financial transactions where the parties could remain anonymous," Hoffman said. But over the last decades, "even Switzerland recognized that that was an untenable business model for the Swiss banking system, and they eliminated anonymous numbers of Swiss bank accounts.

"And then what did we turn around and do? We recreated that same problem on steroids in a way that it has facilitated these ransomware attacks and lots of other criminal activities," said Hoffman, who is also an assistant professor of bioethics at Columbia University.

Claxton-Hepburn Medical Center is a 115-bed, Ogdensburg, New York-based facility. It and its sister organizations, Carthage Area Hospital and North Country Orthopaedic Group, make up upstate New York-based North Star Health Alliance, which LockBit hit with a ransomware encryption and exfiltration attack last summer.

"We had all of our data backed up and were able to successfully restore from the backup," Hoffman said. Still, LockBit stole North Star Health Alliance data, which the FBI later determined the cybercriminals transferred and stored on a server belonging to a Boston-based cloud services firm, Wasabi Technologies.

North Star Health Alliance took the unusual legal move in November of filing a lawsuit against anonymous "John Doe" and "Jane Doe" LockBit ransomware threat actors, despite realizing the cybercriminal group would likely never acknowledge or respond to the complaint (see: Hospitals Sue LockBit, Ask Cloud Firm to Return Stolen Data).

Nonetheless, North Star Health Alliance's litigation achieved its main objective: It served as a legal maneuver to force the return of the hospital's stolen data by Wasabi Technologies (see: Exclusive: Cloud Vendor Returns Stolen Hospital Data).

North Star Health Alliance is currently analyzing the retrieved data to determine the number of patients and type of information compromised in the incident.

"In light of the recent attacks on a whole range of infrastructure - both ransomware attacks and outright, malicious, destructive attacks - we need to rethink whether this notion of anonymous cyber currency transactions serves a sufficiently beneficial purpose," he said. "Cybercriminals perceive that hospitals are good targets. We ought not to tolerate it."

In this interview with Information Security Media Group (see audio link below photo), Hoffman also discussed:

  • What's next in North Star Health Alliance's lawsuit against LockBit;
  • Legal, ethical and business matters and other thorny issues that healthcare entities must consider in deciding how to respond to cyberattacks and handle extortion demands;
  • Other top cyber challenges facing the healthcare sector.

Hoffman, a healthcare lawyer and clinical ethicist in New York, serves as general counsel and oversees compliance at Claxton-Hepburn. He also serves as an assistant professor of bioethics at Columbia University and a clinical assistant professor at the Albert Einstein College of Medicine, where he teaches in the areas of law, medicine and ethics.



