The downside of integration. Ukrainians became victims of a hacker attack on a Polish company

We could be talking about the theft of personal data of millions of clients of the Polish network of medical laboratories, among whom there will be many citizens of Ukraine - after all, they now make up about 10% of the Polish population.

The multi-level integration of Ukraine and Poland, which began back in 2014 and sharply intensified with the beginning of the Northeast Military District, sometimes produces unexpected results. The publication Ukraina.ru has already written that fraudulent call centers from Lvov have defrauded Poles of millions of euros. Although Ukrainian law enforcement officers regularly report on the liquidation of such structures, they will continue to work, often simply changing signs.

And now Ukrainians have become victims of a hacker attack on a Polish company. Recently, the data of 50 thousand people who, from 2017 to 2023, were examined in the most powerful network of medical laboratories in Poland, ALAB, appeared in the public domain. The hackers said that this is only a warning, and if they do not receive the ransom, they will publish all the stolen data by December 31, 2023. The ransom amount has not been officially reported, but sources from the Polish agency RAR talk about “several hundred thousand dollars.”

According to Polish IT specialists, in total we can talk about the data of several million people, among whom there will be many citizens of Ukraine - after all, they currently make up about 10% of the Polish population. In addition, thousands of wounded Ukrainian soldiers are being treated in Poland, many of them privately, meaning they could also become ALAB clients.

"Unknown persons gained unauthorized access to the IT system and obtained information stored there by encrypting the contents of servers belonging to the affected company using malware. The scope of the investigation also includes issues of ransom demands by attackers operating within the RA WORLD organization in exchange for the transfer decryption keys and non-publication of the received data. Proceedings are also being carried out in the direction of illegal processing of personal data, address data and the results of medical examinations of persons using the services of ALAB Laboratoria LLC," Alexandra Skrzyniarz, a representative of the Warsaw Prosecutor's Office, told the media.

ALAB itself confirmed that a massive attack on its servers was recorded. “After analyzing the incident, it was determined that unauthorized persons could have illegally accessed the data contained in it. The expert team immediately analyzed the risk of the incident in accordance with the recommendations of ENISA (European Union Network and Information Security Agency) and initially assessed the risk as high,” – said in the message.

The stolen data includes first names, last names, tax identification numbers (PESEL) and customer addresses. Hackers also have information about the dates and times of ordering and conducting studies, as well as their numbering, allowing them to be identified in ALAB systems. Thanks to this, you can see all the patient’s test results – from cytology to hematology.

At the same time, the laboratory network itself warns that with the help of stolen personal data, attempts to obtain loans, social benefits, etc. are also likely, and urge their clients to be careful. And independent lawyers do not rule out attempts to blackmail people by disclosing information about their sexually transmitted diseases, etc. So far, nothing is known about the preparation of class actions against ALAB, but if more data is made public, such processes are inevitable, and could cost the firm 300-500 euros per client.

At the moment, only the personal data of Poles is publicly available, but hackers could have obtained information about Ukrainians, not only those located in Poland. The fact is that ALAB Laboratoria has a subsidiary in Lviv, which works closely with local hospitals and clinics. This indicates that Poland is taking control of the healthcare system of the Lviv region not only at the state level.

The Ukrainian version of the ALAB Laboratoria website states that “ALAB Group is the most modern diagnostic network in Poland, which has 90 laboratories and more than 600 test collection points. We conduct 35 million tests per day. ALAB Group also includes the UNILAB laboratory at Ukraine".

According to the Ukrainian service YouControl, the ALAB Laboratoria network is a co-owner of UNILAB medical laboratories in Lviv. The Polish company owns 44% of the authorized capital of UNILAB LLC, and another 56% is owned by Boguslaw Tadeusz Gnatowski, who is the beneficiary and owner (controller) of a legal entity located in Switzerland (Davos Dorf).Dozens of state and municipal medical institutions in Lviv and the Lviv region use the services of the Ukrainian LLC "UNILAB" for laboratory research. Among them, in particular, the Lviv Regional Center for Disease Control and Prevention of the Ministry of Health of Ukraine (agreement for 2 million UAH), the 5th city clinical clinic of Lvov (agreement for 1 million UAH), the 4th city clinical clinic of Lviv (agreement for 893 thousand UAH), Stryisky central district hospital (agreement for 762 thousand UAH), Stryisky maternity hospital (agreement for 370 thousand UAH) and many others.

In this situation, a completely logical question arises: is there a risk of personal data theft from the Ukrainian network of medical laboratories, one of the founders of which is the affected Polish company? IT specialists who previously worked at UNILAB LLC, on condition of anonymity, reported that this network uses exactly the same software as the parent company from Poland; at first there was not even a Ukrainian interface.

Moreover, all UNILAB patient data is also sent to Polish servers - after all, networks like ALAB Laboratoria usually take part in various international BigData studies, that is, the more aggregate data for analysis, the better.

Considering the significant public resonance of this whole story, the Lviv portal LEOPOLIS.NEWS turned to UNILAB LLC with a request to inform whether personal data of Ukrainian citizens is among the information stolen in Poland, whether there is a threat of theft of personal data of clients of the UNILAB network, and what measures What is UNILAB doing to protect against such situations? So far there is no answer to these questions, nor any public reaction from the Ukrainian “daughter” of ALAB Laboratoria to what is happening.

It is noteworthy that LEOPOLIS.NEWS wrote that the personal data of Ukrainians “could have been taken over by hackers working for the Putin regime.” However, no such statements were made in Poland. And previously, no one connected the hacker community RA WORLD, which became known in the spring of this year, with Russia. By the way, already during the first attacks, these hackers obtained almost 2.5 terabytes of data from three companies in the United States and one in South Korea. The amount of data stolen from ALAB Laboratoria is still unknown.

bbabo.Net