Cybersecurity alert: New ransomware threat to healthcare, recent attacks

Editor's Note

On August 4, the Department of Health and Human Services Health Sector Cybersecurity Coordination Center released a security alert warning hospitals of a new ransomware group called Rhysida that has been active since May 2023 and is recently targeting healthcare by breaching networks and demanding a ransom.

According to the alert, Rhysida uses phishing attacks and "threatens to publicly distribute the exfiltrated data if the ransom is not paid," adding that the "ransomware...leaves PDF notes on the affected folders, instructing the victims to contact the group via their portal and pay in Bitcoin. Its victims are distributed throughout several countries across Western Europe, North and South America, and Australia. They primarily attack education, government, manufacturing, and technology and managed service provider sectors; however, there has been recent attacks against the Healthcare and Public Health (HPH) sector."

In covering the alert, Becker's Health IT August 8 noted the warning that "Rhysida created a victim support chat portal where it labels itself as a 'cybersecurity team'...[its] victim support page also displays the ongoing auctions for the stolen data and current number of victims. The group's website doubles as a portal for news and media coverage, as Rhysida's contact information is available to journalists, recovery firms, 'fans.'"

Chief Healthcare Executive (CHE) August 8 summarized some recent cyberattacks that have affected hospitals, the most recent being one that affected California-based Prospect Medical Holdings, which operates 17 acute-care and behavioral hospitals and several clinics in California, Connecticut, New Jersey, Pennsylvania, and Rhode Island. According to the article, several Prospect facilities continue to be affected, and some services and procedures are being postponed.

One example is the Prospect-owned Eastern Connecticut Health Network, which has had to postpone "elective surgeries, GI procedures, and outpatient physical therapy...until further notice. In addition, outpatient blood draws and outpatient medical imaging at two facilities have been postponed," noted CHE. "Tens of millions of Americans have already been affected by health data breaches in 2023," with HCA Healthcare in July stating "it suffered a data breach affecting as many as 11 million people" that "appears to be a theft from an external storage location exclusively used to automate the formatting of email messages."