Ransomware gang steals 534,000 records from Wisconsin healthcare provider – Model Slux

Hackers stole health data belonging to more than half a million individuals from a non-profit Wisconsin healthcare provider after their attempt to encrypt the organization’s systems failed.

Group Health Cooperative of South Central Wisconsin (GHC-SCW) said a foreign ransomware gang accessed its network in the early hours of Jan. 25.

The organization’s IT department was able to isolate and secure the network, thwarting the encryption attempt, but a subsequent investigation revealed data relating to 533,809 individuals had been copied.

The BlackSuit ransomware group claimed responsibility for the attack in a posting on its dark web leaks site last month.

GHC-SCW, which provides healthcare and health insurance services to over 80,000 members, said it was contacted by the alleged extortionists, but it has not publicly confirmed who they are.

“The PHI that the attacker stole could have included name, address, telephone number, e-mail address, date of birth and/or death, Social Security number, member number, and Medicare and/or Medicaid number,” the organization said in a breach notification on its website.

On its leak site, BlackSuit claimed to also be in possession of employee data, together with financial and managerial documents stolen from the member-owned organization.

Systems hardened, no word on ransom payment

GHC-SCW informed the U.S. Department of Health and Human Services and state authorities of the breach, and has written to affected parties.

“As part of our response effort, we reported the incident to the Federal Bureau of Investigation (FBI) and hired external cyber incident response resources to assist us in restoring and verifying the security of our network and systems, and to investigate the attack,” the Madison, Wisconsin-based organization said.

“These resources successfully allowed GHC-SCW to bring our systems back online methodically and safely.”

GHC-SCW has not disclosed whether a ransom has been paid but said there was “no indication that information has been used or further disclosed”.

“To reduce the risk of this happening again, we have now carried out enhanced security measures across all our systems and networks. This includes strengthening existing controls, data backup, user training and awareness, and other measures.”

The BlackSuit ransomware gang was first observed by researchers in May and is believed to be a spin-off of Royal, a notoriously prolific group that extorted more than $275 million from over 350 victims.

From the encryption frying pan to the extortion fire

Erich Kron, security awareness advocate at KnowBe4, said while it was fortunate the IT disruptions at GHC-SCW were minimal, the theft of data gave the criminals “one of the more powerful forms of leverage that current ransomware gangs have” when negotiating an extortion payment with a victim.

“By promising not to leak the information publicly, they can often get organizations to pay up in order to avoid potential lawsuits and other issues related to the theft of the data,” he said.

Tamara Kirchleitner, senior intelligence operations analyst at Centripetal, said healthcare organizations were prime targets for cybercriminals due to the sensitive nature of the data they hold and the potential disruption attacks can have on life-saving care.

“Healthcare data is a valuable target for cybercriminals, and organizations must prioritize cybersecurity to protect their patients and important operations,” she said.

Prominent U.S. healthcare-related cybersecurity incidents that have come to light so far in 2024 have included the widely disruptive ransomware attack against Change Healthcare and the potential breach of more than 800,000 patient records from City of Hope, a Californian-headquartered cancer treatment and medical research organization.
