HQ/EMEAFind out how we can help your business
Onix Group, a commercial real estate firm, suffered a ransomware incident that compromised thousands of individuals. Based on reports, the affected entity operates over a dozen addiction recovery centres and other medical facilities in multiple states. The company has notified over 300,000 patients and employees that the ransomware attack could have impacted their data.
The initial report stated that the incident occurred last month, corrupted specific systems, and exfiltrated a subset of files to an attacker-controlled server. The company explained that the investigation into the ransomware incident uncovered that an unauthorised individual had infiltrated the company’s network between March 20 and March 27.
The affected company is a healthcare division that has been operating for more than 30 years. Onix Group also operates hotels and numerous medical facilities.
The Onix Group stated that the stolen data varies from every individual.
According to the Onix Group, the compromised information during the ransomware attack varied by individual. The confirmed data compromised during the attack includes patients’ names, Social Security numbers, dates of birth, patient scheduling, billing, clinical information, and patient assignment to every Onix facility.
The compromised files also include employee data maintained for HR purposes, such as SS numbers, direct deposit details, and health plan enrollment information.
Unfortunately, the Onix Group representative has yet to provide additional details about the ransomware attack. Hence, researchers have not confirmed the malware variant or the hacker group that orchestrated the ransomware attack.
However, the company claimed that they are taking proactive measures to increase the security of its systems and will continue to enhance its defence protocols to safeguard its stored information.
Last week, the Department of Health and Human Services revealed that the Onix hacking issue is now inside the 295 major healthcare-related data breaches. These cybersecurity incidents have affected over 37 million individuals.
To make matters worse, 113 of the breached systems are business associates of the Onix Group. Therefore, affected patients and personnel from Onix have contributed to the already millions of affected individuals by ransomware attacks.
These attacks imply that threat actors are ruthless since they have attacked healthcare facilities or medical companies. Therefore, organisations should have a robust defence mechanism to mitigate these attacks.
