Hackers published subsequent batches of information to which they gained access as a result of a massive attack on the servers of the ALAB laboratory network. The company is investigating the situation. It is also looking at patient data circulating on the Internet.
“Preliminary analysis indicates that we had previously correctly identified the scope of data to which criminals gained unauthorized access,” said Dr. Seweryn Dmowski, communications advisor to the ALAB management board, in an interview with the media. Their illegal takeover took place on November 19, 2023. Information about patients was stolen by hackers. This includes names and surnames, dates of birth, places of residence, and PESEL numbers. The cyberattack was the deliberate action of a criminal group that wanted to extort the company for ransom. However, she does not intend to give in and meet the criminals’ demands.
Confidential patient data shared online
The files made public on the Internet include over 100,000 documents. This concerns primarily the results of research carried out in the ALAB network laboratories in 2017-2023. The case was handled by the prosecutor’s office. The company’s representative ensures that it is in constant contact with all relevant services and institutions that deal with cybercrime and network security on a daily basis.
It is worth emphasizing that violating patients’ privacy may have very serious consequences. Fraudsters use stolen data to take out loans from banks or non-bank institutions. Thanks to them, they also gain access to health care services available to victims of cyber attacks. They come into possession of information about their health condition. The acquired knowledge is used by them to obtain insurance funds. All these actions expose the injured parties not only to the loss of their good name and money, but also to criminal liability. It is important to remember that hackers often impersonate patients to commit various types of crimes.
How to protect your privacy and medical data?
ALAB laboratories assures that it has already taken appropriate steps to protect customers’ medical data and has informed all victims of the cyberattack whose data fell prey to hackers about the resulting threats. These clients can count on support in obtaining a free BIK alert for a period of 6 months. This is a service that notifies you about a fraud attempt using confidential data (taking out a loan, signing a contract, etc.).
What else can be done to reduce the risk of a cyber attack? First of all, you should be very careful when sharing information about yourself. It is also worth blocking your PESEL number and opening an account in the credit and business information system (this will, among other things, allow you to monitor your credit card activity).