CANADA: The Alberta Dental Service Corp. (ADSC), a Canadian provincial government body responsible for dental services, has acknowledged succumbing to a ransomware demand following an 8base ransomware attack.
The incident came to light on July 26, when ADSC detected the ransomware attack and identified data related to public dental benefits programs under its administration to be compromised in a recent cybersecurity breach.
Preventive Measures and Recovery
In response, ADSC swiftly undertook measures to block unauthorised access, engaged a third-party forensic firm, and managed to restore affected systems and data through backups, incurring minimal loss. Although nearly 1.47 million individuals’ data were believed to be compromised, only a small number had personal banking information exposed. Those affected in this manner were offered complimentary credit monitoring services.
What sets this case apart is ADSC’s decision to pay the ransom demanded by the 8base ransomware group. As reported by IT World Canada, ADSC’s corporate president Lyle Best revealed that the payment occurred as part of negotiations brokered by the organisation’s cyber insurance provider and forensic investigator.
8base gang provided evidence of data deletion in accordance with the agreement, signalling an unusual outcome for a ransomware incident.
Sophistication and Tactics
8base has been operating since March 2022, combining encryption and “name-and-shame” tactics to compel victims to comply with ransom demands. Researchers from VMware Inc. highlighted the group’s resemblance to previous ransomware campaigns, suggesting a level of sophistication despite its relatively recent appearance in the cyber landscape. 8base’s modus operandi includes maintaining a leak site to publicise victims’ data and employing intimidation strategies to coerce ransom payment.
Erfan Shadabi, a cybersecurity expert from comforte AG, emphasised the gravity of the breach in the healthcare sector. Patient information’s sensitivity mandates heightened vigilance in safeguarding it, considering the far-reaching consequences of such incidents. Shadabi urged healthcare organisations to prioritise data-centric security approaches like tokenisation, underscoring the importance of proactive cybersecurity measures.
The information and viewpoints presented in the above news piece or article do not necessarily reflect the official stance or policy of Dental Resource Asia or the DRA Journal. While we strive to ensure the accuracy of our content, Dental Resource Asia (DRA) or DRA Journal cannot guarantee the constant correctness, comprehensiveness, or timeliness of all the information contained within this website or journal.
Please be aware that all product details, product specifications, and data on this website or journal may be modified without prior notice in order to enhance reliability, functionality, design, or for other reasons.
The content contributed by our bloggers or authors represents their personal opinions and is not intended to defame or discredit any religion, ethnic group, club, organisation, company, individual, or any entity or individual.