Everest Ransomware Hits Artistic Family Dental Patients

Incident Date: Nov 13, 2024

Attack Overview
VICTIM: Artistic Family Dental
INDUSTRY: Manufacturing
LOCATION: USA
ATTACKER: Everest
FIRST REPORTED: November 13, 2024

Everest Ransomware Group Targets Artistic Family Dental

On November 13, the Everest ransomware group executed a cyberattack on Artistic Family Dental, a dental practice known for its comprehensive services and patient-centered care. This breach has exposed sensitive medical and personal data of approximately 5,000 patients, raising significant privacy concerns.

About Artistic Family Dental

Artistic Family Dental operates primarily in Hazel Crest, Illinois, with additional locations in Highland, Indiana, and Silver Spring, Maryland. The practice is led by Dr. Esam Jumani and Dr. Gloria Figuera, who emphasize personalized care and the use of modern dental technologies. The clinic offers a wide range of services, including general, cosmetic, and restorative dentistry, and is known for its commitment to patient comfort and advanced technology. Despite its small size, employing between 2 and 10 people, the practice has carved a niche in providing high-quality dental care tailored to individual needs.

Vulnerabilities and Attack Overview

Artistic Family Dental's focus on advanced technology, while beneficial for patient care, may have inadvertently exposed vulnerabilities that cybercriminals could exploit. The Everest ransomware group, known for its sophisticated tactics, likely penetrated the clinic's systems through compromised user accounts or remote access protocols. The attack resulted in the unauthorized extraction of sensitive data, with the group releasing screenshots as evidence of the breach. The exact volume of leaked data remains unspecified, but the exposure of such information poses significant risks to the affected individuals.

Profile of the Everest Ransomware Group

The Everest ransomware group, active since December 2020, has distinguished itself through its double extortion tactics and focus on the healthcare sector. Initially recognized for encrypting data and threatening to leak sensitive information, the group has evolved to act as an Initial Access Broker, selling unauthorized network access to other cybercriminals. Their operations have increasingly targeted healthcare organizations, exploiting vulnerabilities in systems to extract and potentially sell sensitive data.

Everest employs a range of sophisticated tactics, including lateral movement across networks and credential access using tools like ProcDump. Their ability to archive and exfiltrate data using tools like WinRAR, combined with their use of Cobalt Strike for command and control communications, underscores their technical prowess and the significant threat they pose to organizations.
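For defenders, the ProcDump and WinRAR activity described above can be hunted in process-creation logs. The sketch below is an added example, not Halcyon's code or data from this incident: it flags ProcDump runs that target LSASS (the usual credential-access use, assumed here) and password-protected archive creation, then escalates hosts that show both. The event fields, host names and command lines are constructed.

```python
import re
from collections import defaultdict

# Constructed process-creation events (Sysmon Event ID 1 style); not from the incident.
EVENTS = [
    {"host": "FRONTDESK-01", "original_name": "procdump",  # binary renamed on disk
     "image": r"C:\Users\Public\svc.exe",
     "cmdline": r"svc.exe -accepteula -ma lsass.exe C:\Users\Public\o.dmp"},
    {"host": "FRONTDESK-01", "image": r"C:\Program Files\WinRAR\Rar.exe",
     "cmdline": r"Rar.exe a -r -hpCONSTRUCTED C:\Users\Public\p.rar D:\Records"},
    {"host": "IMAGING-02", "image": r"C:\Tools\procdump.exe",
     "cmdline": r"procdump.exe -ma 4312 app.dmp"},
    {"host": "IMAGING-02", "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "cmdline": r"WinRAR.exe x invoice.rar C:\Temp"},
]

def tool_name(ev):
    """Prefer the PE OriginalFileName (survives renaming), else the image basename."""
    raw = ev.get("original_name") or ev["image"].rsplit("\\", 1)[-1]
    return re.sub(r"\.exe$", "", raw.lower())

def classify(ev):
    """Return a finding label for one event, or None."""
    name, args = tool_name(ev), ev["cmdline"].lower().split()[1:]
    if name in ("procdump", "procdump64"):
        if any("lsass" in a for a in args):
            return "lsass_dump"
        dump_flag = any(a in ("-ma", "/ma", "-mm", "/mm") for a in args)
        if dump_flag and any(a.isdigit() for a in args):
            return "procdump_pid_review"  # resolve the PID before ruling out LSASS
    if name in ("rar", "winrar") and args and args[0] == "a":
        if any(re.match(r"[-/]h?p", a) for a in args[1:]):
            return "password_archive"  # add-to-archive with a password switch
    return None

def correlate(events):
    """Group findings per host; dump plus password archive on one host is critical."""
    per_host = defaultdict(list)
    for ev in events:
        finding = classify(ev)
        if finding:
            per_host[ev["host"]].append(finding)
    report = {}
    for host, found in per_host.items():
        staged = {"lsass_dump", "password_archive"} <= set(found)
        report[host] = {"findings": found, "severity": "critical" if staged else "medium"}
    return report

if __name__ == "__main__":
    for host, result in correlate(EVENTS).items():
        print(host, result)
```

Matching on the original file name catches the renamed binary in the first event; the PID-only dump in the third is kept as a review item because the command line alone does not show which process was dumped.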
