Hammersmith Medicines Research Ltd. was scheduled to commence a trial of a potential COVID-19 vaccine when it was attacked by the Maze ransomware group on March 14, locking down its systems. When it resisted the hacking group’s demands, the latter published historic sensitive data on thousands of former patients who also happen to be clinical subjects in previous clinical trials involving Ebola and Alzheimer’s disease. Leaked publish data includes medical questionnaires, copies of passports, drivers’ licenses, and national insurance numbers of over 2,300 patients.
It would appear that criminal groups such as the Maze hacking group know no boundaries. In the middle of a global pandemic where already thousands have died, they group sought to exploit a clinical research center. What follows is a TrialSite News breakdown of this news published in various outlets including siliconANGLE.
Who is Hammersmith Medicines Research Ltd.?
Based in London, England, Hammersmith Medicines Research offers pharmaceutical sponsors deep clinical research experience with over 850 clinical trials completed since 1993. The organization works with biotech and pharmaceutical sponsors on early Phase I studies. The organization is one of the largest early-phase units in Europe (145 beds) offering full service for Phase I and early Phase II studies, from design to final close out. The center has been inspected many times by UK, European and the FDA for good clinical practices. In fact, the FDA recently inspected the facility with no findings.
Hammersmith Medicines Research has completed studies involving Ebola and Alzheimer’s disease and was preparing to undertake COVID-19 studies.
What recently happened?
A criminal hacking group called Maze ransomware group infected the research site’s computer systems with malware and locked their systems down. The criminal group requested money and when Hammersmith didn’t oblige the hackers started publishing historic sensitive data concerning medical and personal information about thousands of former patients (also clinical trials subjects). Over 2,300 patient records have been compromised.
Is it true that Hackers were holding back during the COVID-19 pandemic?
No. There was chatter as reported in Computer Weekly but clearly criminals don’t care about anything other than illegally enriching themselves.
Who is the Maze ransomware group?
According to the FBI, the Maze group has been intensifying its operation since November 2019. Maze uses multiple methods to penetrate victims’ systems such as the creation of malicious look-a-like cryptocurrency sites and malspam campaigns impersonating government agencies and well-known security vendors. Once Maze penetrates the target and breaches their network, they exfiltrate the files before encrypting connected devices, systems, and networks. They then demand money from the victim. If they are not paid, they then release data publicly.
How can medical centers/research sites bolster defense?
According to security firms, such as Trend Micro, organizations need to update their IT/IS systems and applications to the latest versions so security software can be fully updated. Many healthcare organizations are conservative and tend to run on legacy platforms and that along with failing to patch underlying operating systems and other software applications, the systems remain like sitting ducks, highly vulnerable to ransomware.
Moreover, research sites can leverage the use of multi-factor authentication on all endpoints. Other strategies include backup and password policies, standard operating procedures around security, segmentation of systems and more.
Clinical research sites need to take computer/internet security very seriously. Make sure the appropriate expertise is retained to do vulnerability assessments to ensure that defenses are hardened.