Bayhealth, a healthcare provider serving central and southern Delaware, is currently dealing with a potential security incident after identifying suspicious network activity that has affected some of its systems. While the organization has not confirmed an actual data breach, it is aware that the Rhysida ransomware group has claimed responsibility for exfiltrating data. The ongoing investigation aims to assess the extent of the incident and determine whether sensitive patient information has been compromised.
The Rhysida group is known for targeting healthcare organizations and utilizing stolen data as leverage to extort ransoms from victims. This group previously attacked Ann & Robert H. Lurie Children’s Hospital of Chicago in February 2024, highlighting its focus on the public health sector. By adding Bayhealth to its dark web data leak site, Rhysida has intensified the pressure on the healthcare provider, asserting that it possesses sensitive information that could be sold if the ransom is not paid.
Bayhealth has publicly acknowledged the ransom demand made by Rhysida, which is set at 25 Bitcoin, roughly equivalent to $1.5 million. The group has granted Bayhealth a seven-day period to make the payment, or else it will release the stolen data for sale. The data reportedly includes sensitive personal information such as scanned passports, driver’s licenses, and other confidential documents, raising concerns about the potential impact on patients and their privacy.
As the investigation unfolds, Bayhealth is likely focusing on strengthening its cybersecurity measures and collaborating with law enforcement to mitigate the potential damage. The incident underscores the growing threats faced by healthcare institutions in an increasingly digital landscape, where cybercriminals exploit vulnerabilities to access sensitive information. By addressing these challenges, Bayhealth aims to protect its patients and maintain trust in its services amid ongoing scrutiny of its security protocols.
Reference: