Η Group Health Cooperative of South Central Wisconsin (GHC-SCW) Revealed ransomware attack, which took place in January and led to Oversight data affecting more than 500,000 people. The hackers managed to steal documents containing personal and medical information.
However, the compromised devices were not encrypted so GHC-SCW was able to secure its systems with the help of external cybersecurity experts. In addition, the systems were brought back to internet, after a a short interruption to limit the infringement.
“In the early morning hours of January 25, 2024, GHC-SCW detected unauthorized access to its network. Its IT department intentionally isolated and secured the network, resulting in many of the Recommendation not be temporarily available“, reported the non-profit healthcare provider.
See also: Change Healthcare faces second ransomware attack
A few days later (9 February) and after an investigation had been launched, it was discovered that the ransomware gang had copied some of the data of the GHC-SCW, which included protected health information (PHI). In addition, the ransomware gang contacted GHC -The SCW and claimed responsibility for the attack and data breach.
The health data stolen during the attack of January include names, addresses, telephone numbers, email addresses, birth and/or death dates, social security numbers, membership numbers, and Medicare and/or Medicaid numbers.
According to information shared with the US Department of Health and Human Services, the GHC-SCW data breach affected 533,809 people.
In response to the incident, the GHC-SCW says it received Measures Security to prevent future attacks, including strengthening existing controls, backing up data and educating users.
Users are required to monitor all communications from healthcare providers, including emails, messages, billing statements and other communications, and to report any suspicious activity to GHC-SCW immediately.
See also: Reduction of ransomware attacks in 2024
Impact on patients
The ransomware attack on GHC-SCW has a significant impact on patients of. First, the personal and medical information of more than 500,000 people have been compromised, increasing the risk to patient privacy and safety.
Second, it caused temporary interruption in the provision of health services. Ransomware attacks often paralyse IT systems, which can result in the delay or suspension of medical services.
Third, the patient confidence in GHC-SCW may have been undermined. Patients expect service providers to Health protect their sensitive information and such a breach may result in the loss of their trust.
Finally, patients may experience additional stress and anxiety because of the attack. The threat of identity theft or other forms of fraud can cause significant stress.
See also: Ransomware gang uses new trick to get the ransom
BlackSuit ransomware
GHC-SCW did not reveal the name of the group behind the January breach, but the ransomware gang BlackSuit took over responsibility in March.
According to the perpetrators' claims, the stolen files also contain patient financial information, employee data, business contracts and email correspondence.
At the moment, we don't know much about the group, but last June, the gang Royal ransomware - believed to be Conti's direct successor - began testing a new encryptor called BlackSuit. Since then, Royal has been renamed BlackSuit.
The FBI and CISA revealed in November that the Royal ransomware gang had breached the networks of at least 350 organisations worldwide as of September 2022.
Source : www.bleepingcomputer.com
 αποκάλυψε ransomware επίθεση που οδήγησε σε παραβίαση δεδομένων){kind=link}