Massive Ransomware Attack: Cybercriminals Breach Health Data of 533,000 Individuals – Protect Yourself Now!
A ransomware gang has stolen the health data of over 533,000 individuals from GHC-SCW, impacting patient care and services. Learn how this cyberattack could affect your medical records and what steps are being taken to mitigate the risk. Stay informed and protected with the latest updates on healthcare cybersecurity threats.
Imagine waking up one day and finding out that your personal and medical information has been stolen by cybercriminals. That’s exactly what happened to over 500,000 individuals when a ransomware gang breached the network of non-profit healthcare service provider Group Health Cooperative of South Central Wisconsin (GHC-SCW) in January.
Luckily, the attackers were unable to encrypt the compromised devices. This allowed GHC-SCW to secure its systems with the help of external cyber incident response experts and bring them back online after they were isolated to contain the breach.
According to a press release published by GHC-SCW, the unauthorized access to their network was discovered during the early morning hours of January 25th, 2024. During their investigation, they found out that the attacker had copied some of GHC-SCW’s data, which included protected health information (PHI).
What kind of health data was stolen, you ask? The cybercriminals got their hands on affected individuals’ names, addresses, telephone numbers, e-mail addresses, dates of birth and/or death, social security numbers, member numbers, and Medicare and/or Medicaid numbers. While GHC-SCW didn’t provide the exact number of affected people, additional information shared with the U.S. Department of Health and Human Services shows that the data breach impacted 533,809 individuals.
As a response to the incident, GHC-SCW has taken security measures to prevent such breaches from happening again. This includes strengthening existing controls, data backup, and user training. If you happen to be one of the impacted individuals, it’s advisable to monitor all communications from healthcare providers, including electronic messages, billing statements, and other communications. And if you notice any suspicious activity, report it to GHC-SCW immediately.
So far, GHC-SCW has not found any evidence of the stolen information being used for malicious purposes.
Who’s behind the attack?
The Wisconsin-based healthcare non-profit didn’t reveal the name of the threat group behind the January breach. However, the BlackSuit ransomware gang claimed responsibility for the attack in March. According to the attackers’ claims, the stolen files also contain affected patients’ financial information, employees’ data, business contracts, and e-mail correspondence.
Not much is known about the group behind the BlackSuit ransomware operation, but their dark web leak site was first spotted last May and has since been updated with dozens of new victims. In June, the highly active Royal ransomware gang — believed to be the direct successor of the notorious Conti cybercrime group — began testing a new encryptor called BlackSuit after rumors of a rebrand began surfacing in April.
Since then, Royal has rebranded into BlackSuit and reorganized into a more centralized operation, similar to the model they used when they were part of the Conti syndicate as Team 2 (Conti2). In November, the FBI and CISA revealed in a joint advisory that the Royal ransomware gang had breached the networks of at least 350 organizations worldwide since September 2022 and linked the operation to more than $275 million in ransom demands.
So, what can we learn from all of this? Cybersecurity threats are very real and can impact anyone, even non-profit healthcare organizations. That’s why it’s crucial for everyone to take the necessary precautions to protect their sensitive data.