Ransomware Attack on Pacific Pulmonary Medical Group by Everest

Pacific Pulmonary Medical Group, a prominent healthcare provider specializing in pulmonary medicine, critical care, thoracic surgery, and sleep disorders, has recently been targeted by the Everest ransomware group. This attack has raised significant concerns about patient privacy and data security, as the cybercriminals claim to have exfiltrated sensitive information, including medical records and personal data of patients from 2021.

About Pacific Pulmonary Medical Group

Operating primarily out of Riverside, California, Pacific Pulmonary Medical Group is a well-established healthcare provider with a workforce of 51 to 200 employees. The group is known for its comprehensive approach to pulmonary and critical care services, utilizing the latest medical technologies to enhance patient outcomes. With locations in Riverside and Irvine, the group is dedicated to delivering high-quality, patient-centered care. Their commitment to excellence and compassion in medical services makes them a key player in the healthcare landscape of Southern California.

Attack Overview

The Everest ransomware group, known for its involvement in ransomware attacks and data exfiltration, has claimed responsibility for the attack on Pacific Pulmonary Medical Group. The group reportedly gained unauthorized access to the medical group's systems, compromising sensitive patient data. This breach highlights the vulnerabilities that healthcare organizations face, particularly those handling large volumes of sensitive information.

About Everest Ransomware Group

Everest is a notorious cybercriminal organization active since at least December 2020. Initially starting as a data exfiltration outfit, the group transitioned into a ransomware operator, targeting organizations across various industries. Everest is known for its sophisticated tactics, including the use of legitimate compromised user accounts and Remote Desktop Protocol for lateral movement. The group has been linked to other ransomware groups, such as BlackByte, and has been observed increasingly acting as an Initial Access Broker, selling backdoors into organizations to other criminals.

Potential Vulnerabilities

Healthcare organizations like Pacific Pulmonary Medical Group are particularly vulnerable to ransomware attacks due to the sensitive nature of the data they handle. The reliance on digital systems for patient records and the need for constant access to this information make them attractive targets for cybercriminals. The attack on Pacific Pulmonary Medical Group underscores the importance of effective cybersecurity measures to protect against such threats.

Sources

• Pacific Pulmonary Medical Group - Official Website
• Everest Ransomware Group Increases Initial Access Broker Activity
• Everest Ransomware
• Pacific Pulmonary Medical Group - D&B Business Directory