Cybercriminals post health system employee information online

A hacker group has stolen sensitive employee files from a health system in New Mexico and posted them online in an attempt to extort payment. The files contained job applications and background check authorizations with Social Security numbers. This tactic, called “double extortion,” is a new strategy where hackers post stolen information after a ransom has not been paid. Experts warn of increasing risks, such as changing stolen data and demanding payment for its reinstatement. The same hacker group used a similar tactic in February by posting tens of thousands of stolen records. The COVID-19 vaccine and reliance on telehealth make healthcare systems attractive targets for hackers.