The Rhysida ransomware group has claimed responsibility for the massive cyberattack on Prospect Medical Holdings. According to reports, the incident resulted in the theft of 500,000 corporate documents, social security numbers, and patient records.
Researchers believe the attack happened earlier this month, after the affected entity’s employees found ransom notes on their screens stating that their network had been hacked and their devices encrypted.
The attack forced the hospitals to temporarily take down their IT networks to limit the effects of the attack and the spread of the ransomware.
The Rhysida ransomware group revealed that it was behind the attack after the victim refused to divulge the attackers’ identity.
PMH hospital networks such as CharterCare state that their systems have resumed operations, though they have not disclosed that the attack came from the Rhysida ransomware group.
Additionally, the hospital notified everyone that it had resorted to pen-and-paper operations after its systems suffered disruption. However, separate research revealed that the hospital has not told its employees whether the actors stole their data during the attack.
The Rhysida ransomware operation emerged in May this year. It quickly became one of the most notorious ransomware groups after hacking the Chilean Army and leaking its stolen information.
Separately, the United States Department of Health and Human Services released an advisory about Rhysida’s campaign against healthcare organisations.
The ransomware group said it plans to leak the data stolen from Prospect Medical Holdings if the company refuses to meet a ransom demand of about $1.3 million worth of Bitcoin.
Furthermore, the attackers claim to have stolen one terabyte of archives and 1.3 terabytes of SQL database data containing various personal details. The confirmed types of information that could affect individuals are social security numbers, driver’s licenses, passports, corporate files, and patients’ medical records.
The group has also shared sample screenshots of patients’ stolen driver’s licenses, documents, and social security cards to prove the legitimacy of its attack.
Every individual affected by the recent attack on PMH should be vigilant against targeted phishing attacks, since the threat actors have already shared some screenshots from the operation. PMH has yet to respond to the ransomware group’s provocations.
