About the leak
ALAB Laboratoria is one of the largest nationwide networks of laboratory facilities in Poland. Its status meant that their databases fell victim to an organized hacker attack, which ended in success for the hacker side. The attackers demanded a ransom for not disclosing the data of sensitive patients data or even employees data. Leaked patient data includes: PESEL number, name and surname, residential address and test results assigned to them.
What data was uploaded?
On the dark web, the data was shared by a person known in hacker circles. 1,228 folders marked with parts of PESEL numbers were uploaded. From official information, we know that a total of 44.5 gigabytes of data and results were stolen from the company, including 187,000 PESEL numbers and 190 GB of company data. Many of them are already fully available to dark web users.
Was there any other solution?
From what we learn from the company’s employees, they have no intention of paying the ransom demanded by the hackers. As informed by Dr. Seweryn Dmowski, communications advisor to the ALAB management board, “this event is primarily a consequence of the company’s firm attitude, which does not negotiate with cybercriminals and does not intend to meet their ransom demands.”. It is worth asking yourself whether this is really a good approach. In my opinion, as companies increasingly adopt the strategy of “no negotiations with terrorists”, we will see fewer and fewer of them. What purpose will cybercriminals have if they cannot make money from their “work”. However, it is worth remembering that the company has lost the trust of its customers by not purchasing its data. In such situations, there is often no perfect solution.
What now?
Many people wonder if their data has been leaked and, if so, what to do with it. For this purpose, a special government website was created: bezpieczdane.gov.pl, where we can read about how exactly they check if your data was uploaded: “We check it by the anonymized PESEL number of the logged in user, so we can only check whether the PESEL number was included in the leak. We do not store data made public by criminals. Please note that they have indicated that they will release the data gradually, so check your data again later.”. Fortunately, I have already checked and I am lucky that my data has not been made public. However, I encourage each of us to check whether our data has not been leaked, and if so, read on the same website what we can do now.
How about you? What do you think – Should ALAB have paid the ransom?Will the Polish services manage to find the perpetrators behind this leak? Or maybe you yourself fell victim to this attack. Let me know in the comments!
Sources:
https://www.prawo.pl/prawo/wyciek-danych-pacjentow-alab-jak-sprawdzic-swoje-dane,524236.html
What technologies should they implement in order to avoid next data leak?
This is quite interesting topic when looking at it from the cybersecurity’s perspective Why? Because in the ranking published by MIT with the G20 countries (and Poland) with the highest cyber defence index, it is Poland on the 6th place. I am quite curious if this ALAB data leak anyhow affected Poland’s score (6.91 out of 10).
It’s a tough call on whether ALAB should have paid the ransom. The ethical dilemma around supporting criminal activities is significant. As for the Polish services, their track record suggests a good chance of finding the perpetrators behind the leak. Let’s hope for a swift resolution.
Really interesting article! The refusal to pay the ransom prompts questions on cybersecurity strategies. The government’s data verification website helps affected individuals. This incident underscores the ongoing challenge of balancing security and customer trust, emphasizing the need for vigilance and collaboration in cybersecurity.
In my opinion, The situation with ALAB Laboratoria’s data breach is alarming and raises important questions about cybersecurity and ransom demands. The decision by ALAB not to negotiate with the cybercriminals reflects a growing trend among companies to resist ransom demands. However, this stance comes with its own set of consequences, including potential loss of customer trust.
Seems like ALAB missed their cybersecurity workout. Maybe it’s time for them to hit the gym and bulk up those digital defenses!