Picture: Midjourney
Non-profit healthcare service supplier Group Well being Cooperative of South Central Wisconsin (GHC-SCW) has disclosed {that a} ransomware gang breached its community in January and stole paperwork containing the non-public and medical data of over 500,000 people.
Nevertheless, the attackers could not encrypt the compromised units, which allowed GHC-SCW to safe its programs with the assistance of exterior cyber incident response specialists and convey them again on-line after they have been remoted to include the breach.
“In the early morning hours of January 25th, 2024, GHC-SCW identified unauthorized access to their network. Their Information Technology (IT) Department purposefully isolated and secured their network, causing several of their systems to be temporarily unavailable,” the healthcare group stated in a press launch revealed on Tuesday.
“On February 9, 2024, during our investigation, we discovered indications that the attacker had copied some of GHC-SCW’s data, which included protected health information (PHI). Our discovery was confirmed when the attacker, a foreign ransomware gang, contacted GHC-SCW claiming responsibility for the attack and stealing our data.”
Well being knowledge stolen throughout the January ransomware assault consists of affected people’ names, addresses, phone numbers, e-mail addresses, dates of beginning and/or deaths, social safety numbers, member numbers, and Medicare and/or Medicaid numbers.
Though it did not present the precise variety of affected folks, extra data shared with the U.S. Division of Well being and Human Companies exhibits that the info breach impacted 533,809 people.
In response to the incident, GHC-SCW says it took safety measures to forestall such breaches from taking place once more, together with strengthening current controls, knowledge backup, and consumer coaching.
Impacted people are suggested to observe all communications from healthcare suppliers, together with digital messages, billing statements, and different communications, and to report any suspicious exercise to GHC-SCW instantly.
GHC-SCW has but to seek out proof of the stolen data getting used for malicious functions.
Claimed by BlackSuit ransomware
Whereas the Wisconsin-based healthcare non-profit did not reveal the title of the menace group behind the January breach, the BlackSuit ransomware gang claimed the assault in March.
In line with the attackers’ claims, the stolen information additionally include affected sufferers’ monetary data, workers’ knowledge, enterprise contracts, and e-mail correspondence.
​Although BlackSuit’s darkish internet leak website was first noticed final Could and has since been up to date with dozens of latest victims, little is thought in regards to the group behind this ransomware operation.
In June, the extremely energetic Royal ransomware gang—believed to be the direct successor of the infamous Conti cybercrime group—started testing a brand new encryptor referred to as BlackSuit after rumors of a rebrand started surfacing in April.
Since then, Royal has rebranded into BlackSuit and reorganized right into a extra centralized operation, just like the mannequin they used once they have been a part of the Conti syndicate as Group 2 (Conti2).
The FBI and CISA revealed in a November joint advisory that the Royal ransomware gang had breached the networks of at the very least 350 organizations worldwide since September 2022 and linked the operation to greater than $275 million in ransom calls for.
