Rhysida Ransomware Group: Social Security Numbers, Passport Data Compromised in Recent Hospital Attack


On Thursday, the Rhysida ransomware gang confirmed that it was behind the recent cyberattack on Prospect Medical Holdings, according to a dark web listing reviewed by Axios.

Apparently, the ransomware gang stole more than 500,000 Social Security numbers and copies of the company’s employees’ driving licenses and passports. Other legal and financial documents are also said to be compromised.

Prospect Medical Holdings, which currently operates 16 hospitals spread across four U.S. states, confirmed that the ransomware attack was launched earlier this month and that it has been facing issues in its online operations as a result.

Moreover, several elective surgeries, outpatient appointments, blood drives and other services have been put on hold owing to the attack.

According to a Prospect spokesperson, the company was unable to comment on the suspected data leak due to "the sensitivity of the incident and law enforcement involvement."

"Prospect Medical continues to work around-the-clock to recover critical systems and restore their integrity[…]We are making significant progress. Some operational systems have been fully restored and we are in the process of bringing others online," the spokesperson said. 

Rhysida Ransomware Group 

Rhysida confirmed Prospect as one of its victims on its dark web site this Thursday, stating that it had taken 1.3 terabytes of SQL data and 1 terabyte of "unique" files.

The ransomware group has threatened that, if its ransom demands are not fulfilled, it will expose its victims’ names on its site.

Rhysida, in a listing, says that it will auction off "more than 500,000 SNNs, passports of their clients and employees, driver's licenses, patient files (profile, medical history), financial and legal documents!!!"

The auction apparently ends in nine days, with the ransom set at 50 Bitcoins, per the listing.

Rhysida first came to light in May; however, government officials and cybersecurity professionals claim to have already known about the group, following instances of the group targeting critical infrastructure organizations in recent months.

The Department of Health and Human Services (HHS) also published an advisory regarding the group, since Rhysida’s prime targets were organizations in the health and public health sector. The advisory further noted that Rhysida’s victims also included firms in the education and manufacturing sectors.

HHS has advised organizations to patch known security flaws present in their systems and set up data backups in case their systems are taken offline. It also recommended phishing awareness training programs for employees.