PilotFish Technology develops legacy standards, systems and technology software.
It includes middleware to integrate disparate systems and offers healthcare solutions with HL7 features. It gathers patient data and manages operations with smart medical devices.
On August 9th, security firm InfoArmor identified a hacker known as “batwhatman” who claimed to have PilotFish Technology source code.
The hacker claims to hold the source code of PilotFish Technology products, which is being offered for sale on the Alpha Bay Market.
Alpha Bay Market
Alpha Bay Market is an online black market on the Tor network that cybercriminals use to trade illicit products and services such as stolen data.
The darknet site was launched in 2014 and saw steady growth in the first few weeks of operation. Alpha Bay Market is currently one of the largest darknet markets.
Risks of the Attack
The hacker is believed to have compromised an SVN server and stolen the code of various applications written in Java. Some of the source code filenames and listings point to business applications designed by PilotFish Technology.
These include strings such as “pieadmin,” “EIPExecutor,” and “eip-server.”
The hack poses a further threat to the organization because, besides the source code, the hackers also obtained PilotFish employees’ usernames, which were associated with various compilation instructions.
According to Andrew Komarov, chief intelligence officer for InfoArmor, based on the hacker’s comments it seems the source code is all from PilotFish’s products and includes more than 10,000 files.
Batwhatman also claimed to have accessed the database and licensing system of customers with the aim of stealing clients’ information and records.
The customer database contains information including customers’ credentials, which may be at risk of targeted phishing attacks in the future.
The database contains information from more than 1700 companies in the US, China, Australia, Canada, and EU.
In July, the cybercriminal “TheDarkOverLoad” claimed to have compromised a software vendor’s data.
However, the victim was not named, leading to speculation that the stolen source code was related to EMR/EHR systems.
TheDarkOverLoad is known as a former member of Hell Community and The Real Deal Marketplace, which allow cybercriminals to transact commercially and sell various compromised data.
The hacker had attempted to extort PilotFish through a Twitter account that has consequently been deleted.
In 2013, the global healthcare IT market was valued at $41.2 billion. As the need for modern systems and technology increases, the growth will increase the risk of cyber-attacks by cybercriminals who will keep finding ways to exploit the growth for their gain.
InfoArmor’s purpose is to notify all healthcare organizations and raise vital security concerns regarding potential attacks in which third-party providers are targeted by cybercriminals.
Whether the result is stolen PII/PHI, ransomware, targeted spear phishing attacks or any other kind of exploitation, the consequences can have a drastic impact on any organization.