Ransomware Attack on Texas Therapy Council by Hunters International

Incident Date: Jul 25, 2024

Attack Overview
Victim: Physical & Occupational Therapy Examiners of Texas
Industry: Healthcare Services
Location: USA
Attacker: Hunters International
First reported: July 25, 2024

Ransomware Attack on ECPTOTE by Hunters International

Overview of the Victim: ECPTOTE

The Executive Council of Physical Therapy and Occupational Therapy Examiners (ECPTOTE) is a regulatory body in Texas responsible for overseeing the practice of physical therapy and occupational therapy. The council supports two main boards: the Texas Board of Physical Therapy Examiners (TBPTE) and the Texas Board of Occupational Therapy Examiners (TBOTE). ECPTOTE ensures that practitioners are properly licensed, regulates the profession, and promotes public safety initiatives. The council oversees approximately 12,660 licensed occupational therapists and 6,935 licensed occupational therapy assistants in Texas.

Attack Details

Hunters International, a ransomware group, has claimed responsibility for a cyberattack on ECPTOTE. The group reportedly exfiltrated 139.1 GB of data, encompassing 195,822 files, including sensitive military information. This breach underscores the increasing threat of ransomware attacks on critical institutions and the severe implications of data theft.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the Hive ransomware group. The group's ransomware code contains significant overlap with Hive, indicating a shared technical lineage. Hunters International focuses on exfiltrating data and extorting victims for ransom. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration and Vulnerabilities

Vulnerabilities at ECPTOTE that Hunters International may have exploited include potential weaknesses in its cybersecurity infrastructure, such as outdated software, insufficient employee training on phishing attacks, and a lack of multi-factor authentication. The ransomware group likely penetrated ECPTOTE's systems through phishing emails or by exploiting unpatched software vulnerabilities, allowing it to exfiltrate a substantial amount of sensitive data.

Impact and Implications

The ransomware attack on ECPTOTE has significant implications, including potential financial losses, reputational damage, and the risk of sensitive data being exposed or sold on the dark web. The inclusion of sensitive military information in the stolen data further exacerbates the severity of the breach, highlighting the critical need for robust cybersecurity measures in regulatory bodies and other critical institutions.
