Bausch Health Companies Inc., a global pharmaceutical company, has suffered a significant data breach. Sp1d3rHunters, a known threat actor, posted on an underground forum, advertising the sale of 1.6 million medical DEA numbers and prescriber details.

Breach Details

  • Date of Breach Announcement: July 30, 2024
  • Data Compromised:
    • 1.6 million Medical DEA numbers
    • Prescriber details
  • Data Size: Over 3TB
  • Data For Sale: The threat actor is selling the data in packages:
    • $10,000 for 10 DEA numbers
    • $25,000 for 50 DEA numbers
    • $50,000 for 100 DEA numbers
  • Contact Information:

Threat Actor Profile

Sp1d3rHunters is a notorious hacker group known for breaching high-profile companies and selling sensitive information on underground forums. Their reputation is established through multiple successful data breaches, and they typically demand high ransoms or sell the data to the highest bidder.

Sp1d3rHunters is a credible and active threat actor group involved in high-profile data breaches and extortion campaigns. Their recent activities include significant breaches and extortion attempts against major organizations, particularly Ticketmaster.

  1. Ticketmaster Breach: Sp1d3rHunters, previously associated with the group ShinyHunters, has been linked to the Ticketmaster data breach where they leaked 170,000 Taylor Swift ticket barcodes and demanded $2 million to prevent further leaks. The group also claimed responsibility for leaking nearly 39,000 print-at-home tickets for various high-profile events (SecureWorld) (BleepingComputer) (Malwarebytes).
  2. Snowflake Account Compromise: The data used in their extortion campaigns, including the Ticketmaster breach, was obtained through compromised Snowflake accounts. This method involved downloading databases using credentials stolen by malware, affecting over 165 organizations, including Neiman Marcus and the Los Angeles Unified School District (BleepingComputer).
  3. Extortion Demands: Their extortion tactics typically involve demanding large sums of money from victim organizations to prevent the release of stolen data. For instance, their initial demand to Ticketmaster was $500,000, which later escalated to $2 million as they threatened to leak additional data if not paid (SecureWorld) (BleepingComputer).

Activities and Impact:

  • Public Data Leaks: Sp1d3rHunters has leaked significant amounts of data publicly when their demands were not met, causing substantial financial and reputational damage to the affected organizations.
  • Security Challenges: The group's tactics present unique challenges, especially regarding the immediate monetization of stolen data, such as ticket barcodes, which can lead to real-world disruptions at events (Malwarebytes).

Impact Analysis

  • Risk to Healthcare Providers:
    • Healthcare providers may need to reapply for new DEA numbers, a process that can take months.
    • Compromised DEA numbers could lead to fraudulent prescriptions, exacerbating the opioid crisis and other prescription drug abuse.
  • Financial Impact on Bausch Health:
    • Potential costs include regulatory fines, legal fees, and expenses related to mitigating the breach.
    • The company faces a ransom demand of $3 million to prevent the sale of the data.

Prevention Tips

  • For Healthcare Providers:
    • Monitor prescription patterns for unusual activity.
    • Report any suspected fraudulent activity to the DEA immediately.
  • For Organizations:
    • Implement advanced cybersecurity measures such as encryption and multi-factor authentication.
    • Conduct regular security audits and staff training on data protection.

Explanation of Terms

DEA Number: A DEA (Drug Enforcement Administration) number is a unique identifier assigned to a healthcare provider (e.g., physician, dentist, veterinarian) by the United States Drug Enforcement Administration. This number permits the provider to write prescriptions for controlled substances like Adderall, oxycodone, and methadone.

XMPP: Extensible Messaging and Presence Protocol (XMPP) is a communication protocol for message-oriented middleware based on XML (Extensible Markup Language). It is often used for instant messaging and presence information.
