Ransomware Hits Healthcare Services Group Exposing Sensitive Data
Ransomware Attack on Healthcare Services Group by Underground Ransomware Group
Healthcare Services Group, Inc. (HCSG), a leading provider of essential support services in the healthcare sector, has recently fallen victim to a ransomware attack orchestrated by the Underground ransomware group. This incident highlights the vulnerabilities faced by organizations operating in critical sectors like healthcare, where data security is paramount.
About Healthcare Services Group
Founded in 1976, HCSG has established itself as a significant player in the healthcare services industry, specializing in housekeeping, laundry, dining, and nutritional services. With a workforce of approximately 35,000 employees across 48 states, the company supports over 5,000 accounts nationwide. HCSG's commitment to infection prevention and control, alongside its focus on enhancing operational efficiency, makes it a vital component of healthcare facilities' operations.
Details of the Attack
The Underground ransomware group claims to have breached HCSG's systems, exfiltrating 1.1 TB of sensitive data. The stolen information reportedly includes confidential documents such as agreements, contracts, financial and legal records, vendor and supplier details, stockholder documentation, tax and recruitment files, service proposals, and invoices. Particularly concerning is the compromise of extensive employee information, including passports, IDs, Social Security Numbers, and various tax and payroll forms.
Profile of the Underground Ransomware Group
The Underground ransomware group, associated with the RomCom cybercrime organization, has been active since July 2023. Known for targeting Windows systems, the group employs sophisticated tactics, including exploiting vulnerabilities like CVE-2023-36884 and using phishing emails. Their ransomware uses the 3DES algorithm for file encryption and does not append a file extension to encrypted files, which distinguishes it from other ransomware variants.
Potential Vulnerabilities and Penetration Tactics
HCSG's extensive operations and reliance on digital systems for managing critical support services may have made it an attractive target for the Underground group. The attackers likely gained access through weaknesses in HCSG's IT infrastructure, potentially via phishing or the exploitation of known software vulnerabilities. The breach underscores the importance of cybersecurity measures, especially in sectors handling sensitive data.