In a major security breach, the Rhysida ransomware group has declared responsibility for infiltrating Prospect Medical Holdings, a chain of hospitals operating across several states including California, Texas, Connecticut, Rhode Island, and Pennsylvania. The cyberattack, which occurred in early August, severely disrupted hospital computer systems, leading to the closure of emergency rooms and ambulance diversions.
Vital services were adversely affected, with reports highlighting disruptions in facilities like Crozer-Chester Medical Center, Taylor Hospital, Delaware County Memorial Hospital, and Springfield Hospital in Pennsylvania. The incident prompted the use of paper records and the involvement of third-party cybersecurity experts for investigation.
As Prospect Medical Holdings battled the aftermath of the breach, the Rhysida ransomware group emerged as the culprits, asserting that they had accessed and stolen sensitive data. The group boasted of acquiring a significant database, containing over half a million social security numbers, corporate documents, and patient records.
Their claim extended to the theft of 1 TB of documents, which encompassed diverse information such as client and employee passports, driver’s licenses, medical histories, financial records, and legal documents. The group, via its Tor leak site, threatened to leak this information unless a ransom of 50 Bitcoins (equivalent to $1.3 million) was paid by Prospect Medical Holdings.
In a display of proof, the Rhysida ransomware group shared images of social security cards, documents, and patient records. The group’s activities date back to May 2023 and have targeted at least 44 companies, making their operations a significant and growing concern.
This breach underscores the grave impact of cyberattacks on crucial institutions like healthcare providers, highlighting the need for robust cybersecurity measures to protect sensitive information and prevent potential future attacks.
