Ransomware Attack on Carolina Arthritis Associates by ThreeAM Group

Carolina Arthritis Associates, a prominent healthcare provider specializing in rheumatology, has fallen victim to a ransomware attack orchestrated by the emerging ThreeAM group. This incident underscores the increasing vulnerability of the healthcare sector to sophisticated cyber threats.

About Carolina Arthritis Associates

Carolina Arthritis Associates, also known as Carolina Arthritis Center, is a leading medical practice based in Wilmington, North Carolina. The facility is renowned for its comprehensive approach to diagnosing and treating rheumatologic diseases, including arthritis, rheumatoid arthritis, gout, lupus, and osteoarthritis. With a modern facility spanning approximately 10,000 square feet, the center is one of the largest independent rheumatology practices in the southeastern United States. Employing between 11 and 50 individuals, the center is dedicated to providing high-quality, patient-centered care.

Attack Overview

The ransomware attack by the ThreeAM group has significantly disrupted Carolina Arthritis Associates' operations, potentially compromising sensitive patient data and critical systems. The healthcare provider is currently collaborating with cybersecurity experts to assess the breach's extent and restore their systems. The attack highlights the high stakes involved in the healthcare sector, where the confidentiality and integrity of patient data are paramount.

About the ThreeAM Ransomware Group

ThreeAM, a newly emerging ransomware group, is known for its sophisticated methods and connections to other cybercriminal organizations. Written in Rust, the ransomware encrypts files and appends the extension ".threeamtime" to them. The group is often used as a fallback option during failed deployments of other ransomware, such as LockBit. ThreeAM's tactics include stopping security and backup services to maximize damage and prevent recovery efforts. The group's connections to established ransomware entities like Conti and Royal suggest a collaborative operational framework.

Potential Vulnerabilities

Carolina Arthritis Associates' reliance on integrated digital systems for patient care and data management may have made it an attractive target for ransomware attacks. The healthcare sector's sensitive data and critical operations present lucrative opportunities for cybercriminals. The ThreeAM group's ability to penetrate systems could be attributed to exploiting vulnerabilities in the organization's cybersecurity infrastructure, emphasizing the need for strong defenses in healthcare settings.

Sources

• Carolina Arthritis Associates
• Symantec Blog on 3AM Ransomware
• SOCRadar on 3AM Ransomware
• Avertium Threat Report
• PCRisk on 3AM Ransomware