Cybersecurity and Medical Groups
City of Hope Pwned
Charles Parker
The list of medical companies being compromised continues to grow. It seems like very
day there are more of these. The reach of the issue goes far beyond the company or practice
and to the patients who have to deal with this for years and years, always watching if their tax
return has been fraudulently filed, new credit cards opened by someone in the victim’s name, or
simply their identity stolen for whatever purpose the adversaries want.
A successful attack was on the City of Hope. This is a cancer treatment center. The City
of Hope (on a tangent, of all the potential targets a cancer treatment center was chosen?)
detected unusual activity on one of their systems around October 13, 2023. Upon verifying the
issue, the security team went into incident response mode and began to put their plans into play
to stop the continued internal growth of the attack.
While they were diligent, the adversary did gain unauthorized access/foothold to a
portion of their systems and were able to copy files with sensitive, personal data. The data set
would be perfect for the adversaries to sell in whole or cut into pieces. This included the
patient’s name, email address, phone number, date of birth, social security number, driver’s
license number or other government ID, their financial details, health insurance information,
medical records, and more. For each person this is a treasure trove. In this incident, 827,149
people were affected.
As part of the post-incident, the City of Hope did notify the Attorney General’s Office. The
organization also led an investigation into the attack.
About the author-
Charles Parker II has been working in the info sec field for over a decade, in the banking,
medical, automotive, and staffing industries. Charles has matriculated and attained the MBA,
MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security
(ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and
SCADA.
Comments