Tri-City Medical Center, an Oceanside hospital in California, is still grappling with ransomware extortion attempts by the “INC RANSOM” cybercriminal group. Although the hospital restored operations more than two weeks ago, the attackers recently announced their possession of stolen records on the dark web, including sensitive health and financial information. While the hospital reported that ambulance traffic and elective surgeries resumed on November 27 after the attack that began on November 9, the recent disclosure by the ransomware group suggests ongoing pressure tactics.
The cybercriminals posted evidence, comprising eight printed pages, presumably taken during the ransomware attack. The records include two prior authorization forms with patient details and financial information, but the exact number of compromised records remains unknown. Notably, the disclosure was made on a “mirror” site on the regular internet to maintain anonymity. The San Diego Union-Tribune refrained from publicly sharing the site to avoid spreading stolen information.
Jake Milstein, a cybersecurity advisor, highlighted that such dark web posts aim to force organizations into paying ransoms to prevent larger data dumps. Cybercriminals increasingly leverage stolen private information not only for ransom demands but also to contact affected individuals directly, making specific demands based on their private data. This new tactic involves calling patients and threatening to disclose sensitive information unless ransom demands are met. Even if a ransom is paid, there’s no guarantee against further data exposure, which underscores the need for a cautious and proactive approach by organizations and affected individuals.
As a result of the ongoing ransomware threat, individuals who received medical care at Tri-City are advised to assume that their personal information was compromised. Cybersecurity experts recommend regular checks on health insurance accounts, medical records, and credit cards for any unauthorized activity. Furthermore, they suggest freezing credit, especially for children, to prevent identity theft and fraudulent financial activities. As ransomware attacks escalate, digital hygiene practices, such as multifactor authentication, software updates, cautious clicking, and strong password management, are crucial to minimize the risk of attacks.
In conclusion, the aftermath of the Tri-City Medical Center ransomware attack extends beyond operational restoration, as cybercriminals employ pressure tactics and direct threats, underscoring the persistent challenges organizations face in dealing with increasingly sophisticated ransomware attacks and extortion attempts.