After a ransomware attack, cyberhackers published sensitive personal data online about members of the Order of Nurses of Quebec.
The Press found on the hidden web (dark web) an overview of the stolen data. They contain in particular lists of members including their contact details, their social insurance numbers and their dates of birth.
The information also includes copies of members’ health insurance cards, driver’s licenses and marital status documents, as well as competency exam results.
The Order’s website (OIIQ) was down on Tuesday. On a “maintenance” page, the organization says it detected “irregular activity” in its computer systems on April 19. “In light of the initial information collected, everything suggests that the OIIQ is targeted by a cybersecurity incident perpetrated by an unauthorized external third party. »
We have chosen not to name the group responsible for this criminal act so as not to give them publicity and not to make it easier to locate the data online. The ransomware gang steals computer files and damages them from its victims’ servers, like other similar criminal associations. It then demands payment, under penalty of offering the data to the public.
Ransom demanded: US$200,000
On its hidden web blog, the gang claims to have gotten their hands on 112 gigabytes of data. He demands US$200,000 either to delete them from his site or to download them, or even $10,000 for a one-day delay.
The Order has not yet responded to questions from The Press. We do not know what reception he gives to the ransom demand from the criminals.
“A team of experts is currently conducting an in-depth investigation, intended to shed light on the situation, secure the IT environment and restore the situation as quickly as possible,” explains the organization on its site.
The OIIQ is responsible for monitoring the professional practice of qualified nurses in Quebec. It therefore collects personal data on all its members.
“Ransomware is a big problem,” says Brett Callow, a threat analyst at antivirus firm Emsisoft. Government attempts to stem the problem have failed miserably and new strategies are desperately needed. »
Contacted by The Pressthe office of Minister of Cybersecurity Éric Caire has not given any sign of life.