Non-profit healthcare provider GHC-SCW disclosed a ransomware attack in January, compromising the personal and medical data of over 500,000 individuals. Although the attackers accessed the network, they were unable to encrypt the devices, allowing GHC-SCW to isolate and secure its systems with external cyber incident response experts’ assistance. Despite these efforts, the attackers managed to copy sensitive data, including protected health information (PHI), prompting GHC-SCW to strengthen security measures.
The stolen health data contains vital details such as names, addresses, social security numbers, and Medicare/Medicaid numbers. While the exact number of affected individuals wasn’t disclosed initially, subsequent information shared with the U.S. Department of Health and Human Services revealed that 533,809 individuals were impacted by the breach. GHC-SCW assured individuals affected by the breach to monitor healthcare communications closely and report any suspicious activity promptly.
The attackers behind the breach, identified as the BlackSuit ransomware gang, claimed responsibility for the attack in March, revealing that the stolen files included financial information, employee data, and business contracts. Despite the gang’s activity being observed since May, little is known about their operations and motives. The FBI and CISA jointly advised that the Royal ransomware gang, believed to be BlackSuit’s precursor, had targeted over 350 organizations worldwide, demanding over $275 million in ransom payments.
