Argentinian Comprehensive Medical Care Program (PAMI) hacked, stolen data published

Programa de Atención Médica Integral" - Argentine government-run Comprehensive Medical Care Program (PAMI) reported a significant cyberattack executed by the cyber crime group Rhysida.

The crime group managed to breach PAMI's systems and exposed an astonishing 1.6 million files, totaling 831GB of data, on the dark web.

Apart from the data breach, the cyberattack resulted in operational setbacks for PAMI, including delays in medical procedures and treatments, a daily influx of 90 complaints, and hindered access for the institution's 14,000 employees. These employees were unable to use their computers in the standard manner due to the attack's disruptive nature.

Upon examining the released files on the dark web, cybersecurity experts discovered references to highly sensitive medical records, encompassing topics such as

• home vaccinations,
• cancer care details,
• lab reports,
• studies involving confidential medical imaging like CT scans and ultrasound scans.

Filenames indicate that internal information was also compromised, including data pertaining to

• medical center audits,
• patient billing,
• financial records,
• employee CVs,
• supplier contracts.

For PAMI to regain access to these files and not to be published, the criminals demanded a ransom of 25 BTC, equivalent to around $647,000 at the time, and the deadline for payment was set for Saturday.

Rhysida first blocked access to the compromised data, and then they issued threats to leak the data publicly, intending to tarnish the reputation of the targeted organization.

Despite the severity of the situation, PAMI tried to downplay the incident, asserting that they had successfully mitigated the attack and safeguarded their server information. PAMI has not released any details about the attack nor number of affected individuals.