Last Week in Ransomware: 10-09-2023

Ransomware operators continue to wreak havoc as Last Week in Ransomware News we saw alarming stories from the cyber trenches, including a ransomware attack on Prospect Medical Holdings, legal action against CarePointe, and the evolving tactics of cybercriminals...

Ransomware Strikes Prospect Medical Holdings

Prospect Medical Holdings, a healthcare provider, fell victim to a malicious ransomware attack. The consequences were catastrophic. Emergency rooms shut down, medical procedures got canceled, billing systems crashed, and ambulances were sent on unexpected detours across multiple states. Chaos, right?

But it gets worse. Over 40 agonizing days, three Connecticut hospitals owned by Prospect Medical Holdings were held hostage. The administrators had to issue a staggering 29 'divert notifications' to emergency personnel, diverting patients away from the affected facilities. Medicaid payments couldn't be processed, forcing the state Department of Social Services to advance a whopping $7.5 million.

Nearly half of elective procedures had to be canceled, and at times, vital diagnostics like X-rays and CT scans couldn't be performed. It's a medical thriller playing out in real life. The attack on Prospect Medical Holdings highlights the fragility of our healthcare system.  

Ransomware operators target healthcare providers because they know that lives are at stake. The urgency in healthcare means organizations often pay the ransom, and attackers exploit that. They don't care about human lives; they care about money.

Cybercriminals have grown adept at infiltrating networks quietly, stealing sensitive data, and using it as leverage for higher ransom demands. Recovery from a ransomware attack takes weeks, and patients can't afford delays in treatment. The situation is so dire that organizations like CISA, the FBI, NSA, and HHS are sounding the alarm.

Ransomware attacks are on the rise, and healthcare providers are prime targets. Without proactive measures, these attacks could lead to patient deaths. It's a critical issue that demands attention. Read More Here

Suing CarePointe: Indiana Attorney General Takes Action

In Indiana, the Attorney General, Todd Rokita, filed a lawsuit against CarePointe, a medical group, over a ransomware attack that exposed sensitive data for 48,742 patients.  

The lawsuit alleges multiple violations of HIPAA rules and other regulations. Security issues, such as weak password policies and outdated software, were identified.

A ransomware attack can cost more than $4 million, and that doesn't include potential losses from lawsuits and other associated costs. Most attacks today involve data exfiltration before encryption, adding another layer of risk.  

Organizations must ensure robust security controls and regular assessments to defend against these threats. Read More Here

Time to Infection Drops: Ransomware Operators Get Faster

Hold onto your seats because ransomware operators are speeding up their attacks. The time it takes to infect a system has dropped from an average of 4.5 days to just hours.  

This reduction in infection time is concerning for defenders. While some argue it's because attackers are targeting smaller organizations, there are other factors at play. The barriers to entry in the ransomware game have vanished. Automation is key, allowing attackers to hit more victims faster.

Unpatched vulnerabilities and misconfigurations are exploited, and automation means attackers can target the low-hanging fruit. Even large organizations like Sony aren't immune, as evidenced by their breaches. It's a digital arms race, and organizations must step up their game. Read More Here

Sony's Double Data Extortion

Entertainment giant Sony faced a double whammy. First, they alerted thousands of employees and their families about a security breach. Attackers exploited a zero-day vulnerability, causing significant data exposure. Then, a second attack by Ransomed.vc led to data exfiltration and threats of regulatory sanctions under GDPR.

Even organizations with mature security programs aren't immune. Vulnerabilities in software can lead to devastating ransomware attacks. The threat of exposing organizations to regulators if they don't pay ransom adds a new layer of complexity. Read More Here

The cyber world is a thrilling and dangerous place, with ransomware attacks wreaking havoc on organizations of all sizes. From healthcare providers to entertainment giants, everyone is a potential target.  

To survive in this digital jungle, organizations must invest in robust cybersecurity measures and stay one step ahead of the relentless cybercriminals. Stay safe out there, cyber warriors!

‍

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile (PDF), and check out the Recent Ransomware Attacks resource site.