Poland's major medical laboratory network, ALAB Laboratoria, fell victim to a significant cyberattack on November 19, leading to unauthorized server access and potential exposure of patients' personal data. The breach, impacting tens of thousands of Polish citizens who undertook medical tests between 2017 and 2023, was executed by a ransomware group identified as RA World.
Unprecedented Data Breach and Ransom Demand
The cybercriminals not only gained access to sensitive information such as full names, personal identification numbers (PESEL), birthdates, addresses, and medical test results but also threatened ALAB Laboratoria with the public release of all stolen data unless a ransom was paid by December 31. The leaked data was reportedly released online, causing widespread concern and alarm among affected individuals.
Immediate Action and Damage Control
In response to this alarming incident, ALAB Laboratoria informed the President of the Office for Personal Data Protection, relevant institutions, and filed a criminal suspicion report with the Central Cybercrime Bureau. The company hastily implemented emergency security and communication protocols to mitigate the effects of the attack and determine the extent of the damage. They also initiated internal and external data security audits and network monitoring to detect any potential public disclosure of the illegally obtained data.
Warning and Advice to Affected Individuals
ALAB Laboratoria issued a warning about the potential repercussions of the data theft, which could include unauthorized loans, healthcare service access, insurance fraud, and criminal use of pre-paid phone cards. To protect themselves, affected individuals have been advised to set up credit and economic information system accounts, share personal data cautiously, and reserve their PESEL number at mobywatel.gov.pl. The National Academic and Computer Network (NASK) has also urged those affected to be vigilant against potential cyber scams exploiting their data.