por
John R. Fischer, Senior Reporter | August 30, 2023
Rhysida ransom group has claimed responsibility for a cyberattack in early August on Prospect Medical Holdings' hospital and clinic network.
Data belonging to over half a million patients and employees at hospitals operated by Prospect Medical Holdings are up for sale for 50 bitcoin ($1.3 million) on a live auction site on the dark web created by the Rhysida ransom group.
The hackers claimed responsibility for a ransomware attack on August 3 that has left many of PMH’s Northeast facilities still closed or unable to use online services,
according to Cybernews.
Based in Los Angeles, PMH is made up of 17 hospitals and more than 165 outpatient facilities and clinics in Connecticut, New Jersey, Pennsylvania, Rhode Island, and Southern California.
Ad Statistics
Times Displayed: 51528
Times Visited: 694 Reveal Mobi Pro integrates the Reveal 35C detector with SpectralDR technology into a modern mobile X-ray solution. Mobi Pro allows for simultaneous acquisition of conventional & dual-energy images with a single exposure. Contact us for a demo at no cost.
On its auction page, the group said on August 24 that it had “kindly been provided” social security numbers, passports, driver's licenses, patient medical files, and legal and financial documents for patients and employees, and set a countdown date to September 1 for a sale. It also listed information from Pierce College in Northwestern Washington state.
"Introducing our new partners — Prospect Medical Holdings. If you are interested in our partner's confidential documents, you will be able to purchase them too!!! Total 1TB unique files, as well as 1.3TB SQL database,” said Rhysida on the auction page.
It will sell all the data to one buyer, and on another page link, has listed samples of them.
The attack has triggered investigations by local FBI field offices at certain hospitals, including Waterbury Hospital in Connecticut, which is currently using paper records. It also caused network shutdowns at nearly half a dozen hospitals and facilities in Pennsylvania under the PMH subsidiary Crozer Health. PMH has not said when it expects services will return to normal.
At the top of all affected PMH hospital websites is a banner saying, “Prospect Medical Holdings, along with all Prospect Medical facilities, is experiencing a systemwide outage. We are working to resolve the issue as soon as possible and regret any inconvenience.”
The group is new, according to the U.S. Department of Health and Human Services, and allegedly has ties to the Vice Society Ransom gang, which is known for attacking educational institutions in the U.S., U.K., and Canada.
Rhysidia primarily attacks organizations in Western Europe, North and South America, and Australia within the healthcare, education, government, manufacturing, and technology sectors, typically using phishing attacks and Cobalt Strike, reported Cybernews.
It made headlines in May when it breached, stole, and leaked sensitive data from the Chilean government online. To date, it has 40 victims listed on its dark leak site, including PMH.
PMH is
managed by Medical Properties Trust (MPT), the largest hospital real estate firm in the U.S. MPT was the subject of controversy earlier this month after it was revealed that it chose not to disclose a recapitalization agreement that PMH entered into to pay off its debts.