Cancer patients face blackmail threats after Fred Hutch data breach
Dec 8, 2023, 6:38 AM
A sign outside the Fred Hutchinson Cancer Center in Seattle can be seen in December 2023. (Image courtesy of 成人X站 7)
(Image courtesy of 成人X站 7)
SEATTLE 鈥 As if battling cancer isn鈥檛 hard enough, now patients at UW’s Fred Hutchinson Cancer Center are being extorted.
Last month, the Cancer Center experienced a data breach, exposing data for an unknown number of patients.
Some of those patients are getting emails threatening to leak their personal information if they don’t pay up.
Nicholas Quinlan got one of those emails at 6:30 am Wednesday. He said he didn鈥檛 even know about the Nov. 19th data breach before then.
“To me, it felt like a real good sales tactic like here鈥檚 all your information do you want to pay to get it offline,” said Quinlan.
That email, which is attached below in its entirety said in the subject line, “[FREDHUTCH] QUINLAN NICHOLAS Your private data and medical history is being sold on dark net markets.”
It also says Quinlan is one of 800,000 patients whose “names, SSN, addresses, phone numbers, medical history, lab results, and insurance history,” is compromised.
“The email had information that looked pretty real. it had my address it had my patient record number; it had my insurer on it. I felt like it was pretty likely that data had been lost or was online publicly,” said Quinlan.
The email references the November data breach. It also says 鈥淲e have been in contact with Fred Hutchinson Cancer Center. They had the chance to protect your data, but they refused to make a deal.鈥 That email also tells recipients, it鈥檒l only cost $50 to get that info scrubbed from the dark web.”
鈥淚 definitely went back and forth on it, you know $50 for my social security number not being out there that sounds ok,鈥 said Quinlan. He added, 鈥淭here鈥檚 no honor amongst thieves so I didn鈥檛 feel I could trust that $50 would go on to remove my information.”
Fred Hutch Cancer Center says they鈥檙e working to find out how many patients had their information leaked; but know that email has gone to others.
The Cancer Center has been telling patients:
We are sorry you鈥檙e receiving these messages. Unfortunately, this is a common tactic threat actors use, and we have notified local and federal law enforcement of these messages. If the message demands a ransom, DO NOT PAY IT. Please report these messages to the FBI鈥檚 Internet Crime Complaint Center at聽. Then block the sender and delete the message. In addition, you may consider reporting the message as spam through your email.
Quinlan says he hasn’t gotten that email. He also says he’s never set foot in the Cancer Center, but he is a patient with UW Medicine.
“If you look where the domain is from, that鈥檚 a Brazilian domain, and who knows if the hackers are there or if they hacked that website that鈥檚 sending emails,鈥 said Quinlan.
Fred Hutch and UW Medicine merged back in 2021, so the Cancer Center is under the umbrella of UW Medicine.
Again, to report getting that extortion email, Fred Hutch encourages victims to make a report at聽
