At a glance.
- RansomHouse attacks Colombian healthcare network.
- Patient data exposed in breach.
- US school district suffers data breach.
RansomHouse attacks Colombian healthcare network.
SC Media reports that Colombian healthcare provider Keralty was hit with a ransomware attack last weekend at the hands of the RansomHouse threat group. Keralty is a multinational healthcare organization with a network of twelve hospitals and over three hundred medical centers in Latin America, Spain, the US, and Asia serving over 6 million patients. The attack has led to disruptions in the organization’s IT operations, the scheduling of medical appointments, and its websites, as well as those of its subsidiaries, EPS Sanitas and Colsanitas, and local media report long waits for patients seeking care. Keralty initially reported technical issues on Monday before disclosing on Tuesday that a cyberattack had occurred. A translated statement from the organization reads, "The computer servers of the Keralty Group companies have been the object of a cyberattack, which has generated technical failures in our systems.”
As Bleeping Computer explains, a Twitter user named Alexánder confirmed the incident was a ransomware attack by posting a screenshot of a VMware ESXi server with a ransom note addressed to Keralty from the RansomHouse gang. The threat actors told BleepingComputer that they were behind a November 27 attack and claimed to have stolen 3 TB of data, though the data theft has not been verified. Raj Samani, SVP and chief scientist at Rapid7, told Infosecurity Magazine, "Ransomware actors know that hitting business availability and patient care of healthcare organizations will likely yield the highest ransom payments. By disrupting IT systems, threat actors can slow down the delivery of patient care, which can result in human fatalities." An investigation into the incident has been launched, and Keralty has enlisted the assistance of law enforcement authorities. Keralty’s statement continues, "From the moment it was identified, we have been working 24 hours a day, both from the technological team and from the medical and administrative team, to provide continuity of care to our members.”
Patient data exposed in breach.
Virginia Mason Franciscan Health (VMFH), an integrated hospital, training, and research facility located in the US state of Washington, suffered a cyberincident in October that potentially impacted employee and patient data. VMFH has now confirmed that the incident was a ransomware attack, and that patient data were accessed, MYNorthwest reports. According to a statement released yesterday from parent company CommonSpirit Health, an investigation has revealed that an unauthorized third party gained access to portions of their network, which included files containing personal information related to patients, family members, or caregivers of patients. Impacted individuals will be notified by mail.
US school district suffers data breach.
The Little Rock School District, located in the US state of Arkansas, yesterday announced it had discovered unauthorized activity on its network, the Arkansas Times reports. The announcement reads, “The forensic analysis is still ongoing; however, the analysis has determined that some data may have been taken from our network. At this time, we do not know exactly what data may be at issue, but we are working as quickly as possible to be able to ascertain that information.” Officials go on to say that if it is determined that any employee or student data were compromised, the appropriate parties will be notified. The officials conclude, "LRSD has implemented additional monitoring and threat detection software to supplement the security measures already in place and has taken steps to further secure its network. We are committed to completing a detailed review of our internal systems and will take everything we learned from the incident to strengthen our network for the future."