The anti-vax movement has always claimed that vaccines are at the root of a wide-range of health problems for kids. Some have attributed them to autism while others have claimed that they cause long-term health issues. Whatever the case may be, the group attributed to this movement have sometimes thrown medical research or advice out the window and instead chosen to not vaccinate themselves, or their children. The anti-vax movement is highly organized, well funded, and expends significant resources in attempts to influence legislation, disrupt hearings, and otherwise avoid the vaccination requirements.
Recently, GroupSense researchers saw a post on a dark web forum where an individual is looking to hire a hacker to create falsified vaccination records. In the post he describes a need for obtaining vaccination records that would “include a serial number and lot number for each vaccine” as well as the signature/name of the doctor who “administered” the vaccine. While we cannot comment with certainty as to the reason this individual would want such records would be to avoid the immunization requirements to register children in school. The individual goes on to make his or her case by mentionings how hacking into medical records is a step into potentially hacking ID’s, licenses and the like which could yield a very popular dark web business.
This sort of activity is concerning across a number of fronts:
Healthcare organizations should be wary that attackers may be looking to gain access to patient systems to create records. Healthcare organizations would be wise to research how this could potentially take place. Much like how Apple or Amazon may hire white hat hackers to break into their systems to find vulnerabilities, healthcare organizations could seek experts in the cyber security field to find posts like this and find any issues.
Pharmaceutical companies that make vaccines may come under attack as a threat actor hired to fulfil this order will need access to lot numbers and other information that may located in a database.
The public should be concerned because of the health concerns associated. If it becomes easy to falsify vaccination records, everyone’s health is at risk. Anti-vaxers rely on the theory of herd immunity, meaning that if the majority of the population is vaccinated, even the unimmunized minority will be protected. Imagine the impact to herd immunity if it becomes easy to avoid vaccination requirements.
This is an example of virtual and kinetic worlds colliding. The dark web provides anti-vaxxers with a convenient way to connect with threat actors who are financially motivated, and largely unconcerned with moral or legal considerations. This scheme poses a real threat to the health of people. Organizations who may be targeted should consider monitoring for these threats or seek outside services to monitor for them.
This post was contributed by Viktor Banov of the GroupSense research team.