INCRansom Strikes Washington Gastroenterology in Data Breach

Incident Date: Jan 17, 2025

Attack Overview

VICTIM: Washington Gastroenterology
INDUSTRY: Healthcare Services
LOCATION: USA
ATTACKER: Inc Ransom
FIRST REPORTED: January 17, 2025

Ransomware Attack on Washington Gastroenterology by INCRansom

Washington Gastroenterology (WAGI), the largest private gastroenterology practice in Washington state, has recently been targeted by the notorious ransomware group INCRansom. This attack highlights the persistent vulnerabilities within the healthcare sector, particularly for organizations with extensive histories and significant patient data.

About Washington Gastroenterology

Founded on January 1, 2018, through the merger of three established GI practices, WAGI has grown to become a leading provider of gastroenterological services in Washington state. The practice operates 17 locations and employs over 30 board-certified gastroenterologists, supported by a skilled team of advanced practitioners and administrative staff. WAGI is renowned for its comprehensive care, offering a wide range of services from colon cancer screening to pediatric gastroenterology. The practice's commitment to patient-centered care and its independent, physician-owned model distinguish it in the healthcare industry.

Details of the Ransomware Attack

INCRansom, a sophisticated ransomware group known for targeting high-value data industries, has claimed responsibility for the attack on WAGI. The group has reportedly exfiltrated sensitive data and shared screenshots on its dark web platform to substantiate its claims. This breach underscores the ongoing threat to healthcare organizations, which often hold vast amounts of sensitive patient information.

About INCRansom

Emerging in July 2023, INCRansom has quickly gained notoriety for its targeted attacks on large organizations, particularly in the healthcare sector. The group employs a combination of spear-phishing, exploitation of vulnerabilities, and multi-extortion tactics. It has been known to exploit vulnerabilities such as CVE-2023-3519 in Citrix NetScaler to gain initial access to networks. INCRansom distinguishes itself through its aggressive extortion methodologies, including threatening to leak stolen data if ransom demands are not met.
