and 55 thousand results of laboratory tests conducted by the ALAB network of laboratories (currently it is said that these were the results of several thousand people). On the same day
PAP: Hackers demanded several hundred thousand dollars in ransom from ALAB
The data was stolen from ALAB servers on November 19, exactly one week before its disclosure. At that time, the company was allegedly blackmailed – the criminals wanted to receive a ransom in exchange for not disclosing the stolen data. However, this did not happen, and the hackers wrote that they were disclosing sensitive data due to the company’s “lack of willingness to cooperate.”
Now that the Regional Prosecutor’s Office in Warsaw has already initiated an investigation based on the notification submitted by Alab Laboratoria. The investigation will be conducted “into obtaining unauthorized access to the IT system and obtaining information stored in it by encrypting the contents of servers belonging to the injured company using malicious ransomware.”
The prosecutor’s office also reported that one of the effects of the attack was “impeding access to IT data and preventing their automatic processing, collection and transmission.” Moreover, the investigation will also be conducted in terms of “demanding ransom by the perpetrators (…) in exchange for providing decryption keys and not disclosing the obtained data” and “unlawful processing of personal data” of the company.
The Office of Competition and Consumer Protection and the Patient Ombudsman were also involved in investigating the data leak. However, neither ALAB nor any of the institutions involved in the case provide information on the amount of the ransom, but we have just learned it from unofficial reports. PAP unofficially determined that the hackers demanded several hundred thousand dollars from the company.
This is not the end of leaks. Hackers assure that they have much more data
As is currently known, the hackers published only a small fragment (approx. 2%) of all the stolen data, which is said to amount to almost 250 GB. Only tests ordered by three medical facilities – one each from Łomianki, Warsaw and Łódź – carried out from October 2017 to September 2023 were selected for the “demonstration” sample.
Criminals also declare that they will disclose the stolen information by the end of December if they do not receive the money. Although, of course, it cannot be ruled out that they would publish or sell sensitive information about patients on the black market, even if the ransom was paid.
As we mentioned earlier, the data (apart from the research results themselves) include names and surnames, residential addresses and PESEL numbers. It is therefore worth checking whether our data has been leaked using the government toolbezpieczdane.gov.pl, which is already updated with the latest leak. It is also worth registering your PESEL, because recently every (adult) Pole has this opportunity. We wrote more about what we can do in the text below:
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
