Criminals to auction off DNA records stolen in data breach of McAlester Regional Health Center
The McAlester Regional Health Center, Oklahoma, was targeted by the Karakurt ransomware group. The group claims to have successfully stolen more than 126GB of data from the healthcare facility, which includes a significant amount of sensitive patient information, particularly DNA records.
On their dark web leak site, Karakurt threatens to publish samples of the stolen data and subsequently auction off 117GB of the hospital's information.
One of the most alarming aspects of this breach is that part of the data cache includes at least 40GB of genetic DNA patient records. Genetic information is highly sensitive and can be exploited for malicious purposes, such as blackmail or profiting through fraudulent paternity results. It can also reveal predispositions to diseases and existing medical conditions, which may have severe consequences for individuals' employment prospects and insurance premiums, and may even lead to social stigma.
The Karakurt group employs various tactics, techniques, and procedures (TTPs), making defense and mitigation against their attacks challenging. They gain access to victims by purchasing stolen login credentials or leveraging already compromised victims through third-party broker networks.
Unlike other ransom gangs, Karakurt does not encrypt compromised machines or files. Instead, they relentlessly harass their victims through emails and phone calls, going as far as targeting employees, business partners, and clients of the victims.
The ransom demands issued by Karakurt range from $25,000 to $13 million in Bitcoin, and they usually set payment deadlines within a week of initial contact with the victim.
Despite the seriousness of the breach, McAlester Regional Health Center has not yet made any public statements regarding the incident.