ThreeAM Ransomware Hits Brunswick Hospital Center in Major Cyberattack

Incident Date: Sep 12, 2024

Attack Overview
Victim: Brunswick Hospital Center
Industry: Healthcare Services
Location: USA
Attacker: 3am
First Reported: September 12, 2024

ThreeAM Ransomware Group Targets Brunswick Hospital Center in Major Cyberattack

Brunswick Hospital Center, a specialized psychiatric facility located in Amityville, New York, has become the latest victim of a ransomware attack orchestrated by the ThreeAM ransomware group. The hospital, which operates 146 beds and is accredited by The Joint Commission, reported that 22.1 GB of sensitive data was exfiltrated and leaked by the attackers.

About Brunswick Hospital Center

Brunswick Hospital Center is a private, acute-care psychiatric hospital licensed by the New York State Office of Mental Health. The facility focuses on treating individuals with severe emotional disturbances and mental illnesses, offering services such as psychiatric assessments, individual and group therapy, creative arts therapy, family counseling, and nutritional support. The hospital employs between 51 and 200 staff members and reported a total patient revenue of approximately $167.15 million for the most recent fiscal year.

Attack Overview

The ThreeAM ransomware group claimed responsibility for the attack via their dark web leak site. The group reportedly exfiltrated 22.1 GB of data, which they have threatened to release if their ransom demands are not met. The attack has disrupted the hospital's operations, potentially compromising patient care and data security.

ThreeAM Ransomware Group

ThreeAM, also known as 3AM, is a newly emerging ransomware strain written in Rust. It is known for its sophisticated methods and ties to other cybercriminal organizations like Conti and Royal. The ransomware encrypts files and appends the extension ".threeamtime" to them. Victims receive a ransom note warning against self-recovery attempts and threatening to sell stolen data on the dark web if the ransom is not paid.

Penetration and Vulnerabilities

ThreeAM ransomware often serves as a fallback option during failed deployments of other ransomware, such as LockBit. The attackers likely gained initial access through phishing emails or exploiting vulnerabilities in the hospital's network. Once inside, the ransomware stops various security and backup services to maximize damage and prevent recovery efforts. The hospital's reliance on digital records and interconnected systems made it a prime target for such an attack.
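
The two behaviors described above (security and backup services being stopped, then files gaining the ".threeamtime" extension) can be correlated per host in endpoint telemetry. The following is an added example, not code from this report or from Halcyon; the event tuple layout, the service-name watchlist, the thresholds and the host names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EXT = ".threeamtime"                                # extension named in the report
PROTECTIVE = ("backup", "vss", "antivirus", "edr")  # assumed watchlist keywords
WINDOW = timedelta(minutes=10)                      # assumed correlation window

def correlate(events, min_stops=3, min_renames=3, window=WINDOW):
    """Return {host: (first_stop_iso, rename_count)} for hosts where a burst of
    protective-service stops is followed by .threeamtime renames within window."""
    stops, renames = defaultdict(list), defaultdict(list)
    for ts, host, kind, detail in events:
        t, name = datetime.fromisoformat(ts), detail.lower()
        if kind == "service_stop" and any(k in name for k in PROTECTIVE):
            stops[host].append(t)
        elif kind == "file_rename" and name.endswith(EXT):
            renames[host].append(t)
    alerts = {}
    for host, times in stops.items():
        times.sort()
        # Slide over the stop events looking for min_stops inside one window.
        for i in range(len(times) - min_stops + 1):
            start, end = times[i], times[i + min_stops - 1]
            if end - start > window:
                continue
            followed = [r for r in renames[host] if end <= r <= end + window]
            if len(followed) >= min_renames:
                alerts[host] = (start.isoformat(), len(followed))
                break
    return alerts

# Constructed sample events (timestamp, host, kind, detail); not incident data.
SAMPLE = [
    ("2024-09-12T03:00:05", "ws01", "service_stop", "VSS"),
    ("2024-09-12T03:00:07", "ws01", "service_stop", "AcmeBackupAgent"),
    ("2024-09-12T03:00:09", "ws01", "service_stop", "AcmeAntivirus"),
    *[(f"2024-09-12T03:01:0{i}", "ws01", "file_rename",
       f"D:/records/f{i}.docx{EXT}") for i in range(3)],
    # ws02: unrelated service stop and a single rename, below both thresholds
    ("2024-09-12T09:00:00", "ws02", "service_stop", "Spooler"),
    ("2024-09-12T09:00:10", "ws02", "file_rename", f"C:/tmp/x{EXT}"),
    # ws03: protective services stopped (e.g. maintenance) but no renames follow
    ("2024-09-12T11:00:00", "ws03", "service_stop", "AcmeBackupAgent"),
    ("2024-09-12T11:00:02", "ws03", "service_stop", "AcmeEDR"),
    ("2024-09-12T11:00:04", "ws03", "service_stop", "VSS"),
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Requiring both signals keeps routine maintenance (ws03) and stray files (ws02) from alerting on their own.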
