The personal information and medical history of about 100,000 patients of OT&P Healthcare leaked due to a cybercriminal attack earlier this week. On the other hand, the operator has confirmed the incident via post.
According to the company’s CEO, the cyberattack occurred within their clinic’s management and operating system. Unfortunately, the system stores the medical records and patient identity and claims they have no idea how the actors obtained the data.
However, their security department observed a significant system instability earlier this week and approached a third-party cybersecurity researcher to evaluate the situation. The researcher only advised the company to shut down their system immediately.
OT&P Healthcare could have impacted over a hundred thousand patients.
OT&P Healthcare has eight clinics in Central, Clear Water Bay, and Repulse Bay. Overall, the healthcare institution has more than 100,000 patients. The company has already reported the cybercriminal incident to relevant individuals and has been under forensic examination since the discovery of the attack.
Fortunately, the CEO claimed that the attackers did not gain access to financial information or bank details during the attack. However, the patients’ passport numbers and HK identity cards are within the affected system.
Furthermore, the OT&P Healthcare CEO explained that all the cybercriminal evaluation is ongoing, preventing them from confirming any details about the attack. In addition, the company has also reported the data breach campaign to the Office of the Privacy Commissioner for Personal Data, the police, and the Department of Health.
The Department of Health has yet to release a statement regarding the attack, but the Privacy Commissioner revealed that they are also reaching out and assisting in the case. All the potentially affected patients received notifications from the company last week.
Some patients and individuals have claimed that they suffered an impact due to the attack on OT&P Healthcare but still refused to disclose their information for privacy reasons.
Cybersecurity experts suggest that potentially impacted individuals should be vigilant with phishing attacks as the actors could have used the stolen information to execute different threat campaigns.
