Curenta Faces RansomHub Ransomware Threat in Healthcare Sector

Incident Date: Nov 21, 2024

Attack Overview
Victim: Curenta
Industry: Healthcare Services
Location: USA
Attacker: RansomHub
First Reported: November 21, 2024

RansomHub Ransomware Attack on Curenta: A Detailed Analysis

On November 22, 2024, Curenta, a digital healthcare startup specializing in long-term care pharmacy technology, fell victim to a ransomware attack orchestrated by the notorious RansomHub group. Curenta, founded in 2020, has rapidly grown to serve over 1,000 healthcare professionals, offering AI-powered Software as a Service (SaaS) solutions that streamline medication management and enhance communication among care teams in senior living facilities.

Curenta: A Target in the Healthcare Sector

Curenta's innovative platform integrates functionalities that improve operational workflows and patient care communication, making it a standout in the healthcare technology sector. The company's AI-driven compliance tools ensure adherence to healthcare regulations, a critical aspect for maintaining high-quality care. However, the very nature of its operations—handling sensitive patient data and integrating with electronic health record systems—makes Curenta an attractive target for ransomware groups like RansomHub.

Attack Overview

The attack on Curenta was discovered on November 22, 2024. While the size of the leaked data remains unknown, RansomHub has threatened to publish all files if communication is not established. The group's modus operandi involves exploiting vulnerabilities in unpatched systems and using phishing campaigns to gain initial access. Once inside, the operators perform network reconnaissance and privilege escalation, then encrypt files; they also employ advanced data exfiltration techniques.

Potential Vulnerabilities

RansomHub could have exploited Curenta's reliance on digital platforms and its integration with electronic health records. The group's intermittent encryption and its modular architecture, which allows quick updates to its ransomware strains, make detection challenging. Additionally, RansomHub's expertise in exploiting vulnerabilities in products such as Citrix ADC and FortiOS could have facilitated the breach.
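
One reason intermittent encryption is hard to spot, shown as an added example that is not from the original page: a whole-file entropy check averages the untouched data in and stays under the alert threshold, while a per-window check still flags the overwritten blocks. The window size, threshold and 1-in-4 block pattern are assumptions chosen for illustration (not RansomHub's actual pattern), and the sample data is constructed.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096      # analysis window in bytes (assumed value)
THRESHOLD = 7.5   # bits/byte; above this a window looks encrypted or compressed


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def high_entropy_windows(data: bytes, block: int = BLOCK,
                         threshold: float = THRESHOLD) -> list[int]:
    """Indices of fixed-size windows whose entropy exceeds the threshold."""
    return [i // block for i in range(0, len(data), block)
            if shannon_entropy(data[i:i + block]) > threshold]


def pseudo_ciphertext(length: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def build_sample(blocks: int = 16, stride: int = 4) -> bytes:
    """Constructed sample: plain text with every `stride`-th block overwritten."""
    line = b"Constructed medication schedule record used only for entropy testing.\n"
    plain = (line * (blocks * BLOCK // len(line) + 1))[:blocks * BLOCK]
    sample = bytearray(plain)
    for b in range(0, blocks, stride):
        sample[b * BLOCK:(b + 1) * BLOCK] = pseudo_ciphertext(BLOCK, b"demo%d" % b)
    return bytes(sample)


if __name__ == "__main__":
    sample = build_sample()
    print(f"whole-file entropy: {shannon_entropy(sample):.2f} bits/byte")
    print("suspicious windows:", high_entropy_windows(sample))
```

Legitimately compressed or encrypted files also score high per window, so a signal like this is best combined with context such as which process rewrote the file and how many files changed in a short period.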
