Ransomware Attack on Richland Parish Hospital by Dispossesor

Richland Parish Hospital, also known as Delhi Hospital, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group Dispossesor. This critical access hospital, located in Delhi, Louisiana, serves as a nonprofit organization providing essential healthcare services to the rural community of Richland Parish. With a capacity of 25 beds, the hospital offers a range of services including emergency care, inpatient and outpatient care, rehabilitation, pediatric therapy, diagnostic services, and primary care.

Overview of the Attack

The breach was discovered on July 29, 2024, and has resulted in the exfiltration of confidential patient data. Dispossesor has released a 10-minute video showcasing 102 pages of sensitive information, with plans to release a more extensive 1-hour video and a detailed analysis of the compromised data. The attackers have threatened to contact affected individuals and relevant officials, providing instructions on how to pursue legal claims against the hospital.

About Richland Parish Hospital

Founded in 1934, Richland Parish Hospital operates as a nonprofit organization and is integral to providing healthcare services to the rural community of Richland Parish. The hospital employs between 20-49 individuals, according to various sources, and generates approximately $10.5 million in revenue. The hospital's leadership, including interim administrator Mildred (Jinger) Greer, emphasizes community involvement and continuous improvement in healthcare services.

Dispossesor: A New Threat Actor

Dispossesor is a newly identified threat actor in the ransomware landscape, primarily functioning as a data broker rather than a traditional ransomware group. First observed in December 2023, Dispossesor capitalizes on the work of other cybercriminals by redistributing stolen data from previous breaches. The group has claimed responsibility for a variety of attacks, targeting sectors such as government, healthcare, media, and finance. Dispossesor collaborates with "red teamers" and initial access brokers, expanding their operations and victim pool.

Penetration and Vulnerabilities

While the exact method of penetration remains unclear, it is likely that Dispossesor exploited vulnerabilities in the hospital's cybersecurity infrastructure. Common vulnerabilities include outdated software, lack of employee training on phishing attacks, and insufficient network segmentation. The hospital's role as a critical access provider makes it a prime target for ransomware groups, given the potentially high impact of disrupting healthcare services in a rural community.

• Richland Parish Hospital
• SOCRadar: Dark Web Profile - Dispossesor Ransomware
• LinkedIn: Richland Parish Hospital
• Rural Center: Spotlight on Richland Parish Hospital
• GBHackers: Dispossesor and Radar Ransomware