Cybercriminals are resorting to swatting as a means to extort money from vulnerable cancer patients at the Seattle-based Fred Hutchinson Cancer Center. This criminal behavior comes in the wake of a cyberattack in November that impacted approximately 1 million individuals. As the threat of swatting looms, patients are being targeted for payments of $50 to protect their information from being sold on the dark web and to prevent false emergency calls.
Extortion Attempts and Demands
According to a proposed class action lawsuit filed against the cancer center, at least 300 current and former patients have been subjected to demands for payment to have their personal information scrubbed. The cybercriminals are exploiting the fear and vulnerability of these patients, threatening to call in bogus 911 emergencies at their homes or locations if they fail to pay the demanded ransom.
Background on the Cyberattack
Fred Hutchinson Cancer Center, an independent nonprofit serving as the cancer program provider of UW Medicine, detected unauthorized activity on portions of its clinical network on November 19th. This breach served as the starting point for the subsequent extortion efforts by cybercriminals.
Patient Information Breach
An investigation revealed that the attackers had successfully accessed patient information from Fred Hutchinson systems between November 19th and November 25th. This breach compromised sensitive data and raised concerns about the security measures in place to protect patient information.
Lawsuits and Allegations against Fred Hutchinson
Over the past few weeks, nearly a dozen lawsuits have been filed against the institution, alleging negligence and other missteps in safeguarding plaintiffs and class members’ sensitive information. Patients rightfully question the cancer center’s ability to protect their data, potentially leading to long-lasting consequences.
Advice from the Cancer Center
The Fred Hutchinson Cancer Center has explicitly advised patients not to acquiesce to any ransom demands. By refusing to pay, patients avoid perpetuating the extortion attempts and contribute to a strong stance against cybercriminals.
Response from the FBI
The FBI has been made aware of the swatting threats faced by Fred Hutchinson patients. However, there is currently no information to suggest that a swatting event related to this breach has occurred. Authorities remain vigilant and encourage patients to report any suspicious activities or threats they may receive.
Concerns about Escalating Tactics
Experts express concerns about the changing nature of cybercrime tactics, with an expectation that real-world violence may eventually become part of the extortion model. Recent swatting incidents have demonstrated their potential for harm, particularly when tied to hate crimes or targeting controversial figures.
The use of swatting to extort money from cancer patients at Fred Hutchinson Cancer Center exemplifies the lengths to which cybercriminals will go. It serves as a grim reminder of the vulnerabilities individuals face in an increasingly digital world. To combat such threats, organizations must continually strengthen their cybersecurity measures and work hand-in-hand with law enforcement agencies to bring these criminals to justice.