Ransomware Group Leaks 175 GB of Data from Clinical Research Organization

SafetyDetectives Cybersecurity Team

The SafetyDetectives cybersecurity team stumbled upon a post in which the ransomware group “RansomHub” states that they have leaked 175 GB of data from the Baim Institute for Clinical Research, a renowned non-profit academic research organization based in Boston.

A recent cyberattack has yet again affected healthcare organizations, this time putting at risk the Baim Institute for Clinical Research, a renowned non-profit academic research organization. According to their website, the Baim is “based in Boston, but with experience in research that spans the world. We collaborate with the world’s leading researchers from national and international institutions to design, implement, and complete clinical trials, and then develop programs to translate the results into clinical practice.”

The ransomware group “RansomHub”, the same group behind the Florida Department of Health data leak, now claims responsibility for breaching the Baim Institute’s systems, stealing and subsequently leaking 175 GB of sensitive data.

On July 3, 2024, after gaining access to the institute’s database, the group published a statement on their dark web website saying “Please contact us to prevent data leakage” along with a deadline and the size of the data stolen. After the ransom payment deadline passed, the threat actor published the data on their website, available to be downloaded by anyone who could access it.

This screenshot collage from the RansomHub website displays the countdown timer for The Baim Institute to make contact along with the size of the data and the number of visits. It also shows the same screen after the data was published.

This screenshot from the RansomHub website reveals the Baim Institute listed as one of their victims, along with a demand for contact and the link to the leaked data.

Following the deadline, our cybersecurity team discovered a message on the ransomware group’s website which indicated: “The complete data will not be released, only part of the confidential data is released”. Our team reviewed a sample of the data and could confirm its authenticity. Within the reviewed sample, our cybersecurity team was able to see:

  • PDFs of clinical trial programs;
  • .xlsx invoice-tracking files from 2019 up to March 2024, which show a list of sponsors, projects, doctors’ names and rates;
  • .msg files, one of them showing a chain of emails regarding a mortality analysis of a clinical trial along with the responsible doctors’ names and email addresses;
  • .xlsx files showing billing information and revenues from different projects for various pharmaceutical companies;
  • study access request forms, which display the employee’s full name, email address, and phone number;
  • .xlsx files, categorized under an index named “Mortality analysis”, with information about patients who suffered medical incidents. The file our cybersecurity team reviewed includes the patients’ nationality, age, gender, study IDs, details of the medical incident, and whether it was related or not to the clinical trial.

The disclosure of such data could potentially jeopardize the privacy and security of individuals involved, exposing them to risks like targeted phishing attacks, which could lead to more serious threats such as identity theft. The data exposure could also damage the reputation of the Baim Institute, as peers, employers, financial institutions, and other entities could perceive the organization as vulnerable or untrustworthy in the aftermath of the ransomware attack. Furthermore, it may place the Baim Institute in a difficult legal position if patients’ Protected Health Information (PHI) was compromised, potentially resulting in penalties for violations of the Health Insurance Portability and Accountability Act (HIPAA). Although our cybersecurity team did not find any evidence of this within the reviewed sample, it is important to mention that we did not review the entirety of the database.

Moving forward, it’s crucial for all organizations to enhance their cybersecurity defenses and collaborate with industry experts to strengthen their resilience against future threats. By investing in proactive cybersecurity measures and staying vigilant against evolving cyber threats, organizations can better protect themselves and safeguard the sensitive information entrusted to them. By reporting these incidents, we aim to inform potentially affected parties so that they can act quickly to protect their data.

What to Do If You Believe Your Data Was Exposed

If you suspect that your personal information was compromised in the ransomware attack, take these immediate steps to protect yourself:

  1. Contact your healthcare provider: If you suspect your health data was exposed in a breach, let your healthcare provider know immediately. Make sure to regularly monitor your health records with them for any unauthorized changes or activities that could indicate misuse of your personal health information.
  2. Stay informed: Stay informed about the breach and the specific types of data that may have been compromised. Understanding what information has been exposed can help you assess the potential risks.
  3. Verify requests: If you receive an email or message requesting sensitive information or prompting you to click on a link, verify the authenticity of the sender before taking any action.
  4. Seek legal advice: Consult experts in data privacy and cybersecurity laws to understand your obligations under regulations like GDPR or HIPAA and assess potential liabilities arising from the breach.

By taking these steps, you can significantly reduce the risk of further harm and protect your personal information from being misused. Stay vigilant and proactive in safeguarding your digital identity.

The information in this report is derived from the discoveries made by our cybersecurity team on the website of the ransomware group. While every effort has been made to validate the information presented, it is essential to recognize that data originating from illicit sources like the dark web may not always be entirely accurate or verifiable through conventional means. Readers are urged to exercise discretion when interpreting the details provided in this report.

About the Author
SafetyDetectives Cybersecurity Team

The SafetyDetectives research lab is a pro bono service that aims to help the online community defend itself against cyber threats while educating organizations on how to protect their users’ data. The overarching purpose of our web mapping project is to help make the internet a safer place for all users.