HC3 Sounds Alarm About Rhysida Ransomware Group – HIPAA Journal
HC3 Sounds Alarm About Rhysida Ransomware Group HIPAA Journal
HC3 Sounds Alarm About Rhysida Ransomware Group
The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a security alert about a new ransomware group – Rhysida – which is conducting high-impact attacks across multiple industry sectors. Attacks have been conducted in North and South America, Western Europe, and Australia, with the United States, Italy, Spain, and the United Kingdom having suffered the most attacks. The primary targets appear to be in the education, government, manufacturing, and technology sectors, although the group has conducted some attacks on the healthcare and public health (HPH) sector.
Rhysida is a ransomware-as-a-service operation that recruits affiliates to conduct attacks using its ransomware variant in exchange for a percentage of any ransom payments they generate. The group was first identified in May 2023, and its ransomware variant appears to still be in the early stages of development as it lacks the advanced features seen in the ransomware variants used by more established threat groups.
Rhysida ransomware is deployed after initial access to victims’ networks has been established through phishing attacks and the exploitation of vulnerabilities in software. The Cobalt Strike attack framework is deployed on compromised systems and used to deliver the ransomware payload. The ransomware uses a 4096-bit RSA key with the ChaCha20 algorithm to encrypt files and a PDF ransom note is dropped on the encrypted drives, which demands payment in Bitcoin for the keys to decrypt data and prevent the publication of stolen data. The ransom amount is not stated in the notes. Victims are required to make contact with the threat group via TOR to negotiate payment. Rhysida was behind a recent attack on the Chilean Army and has listed 8 attacks on its data leak site to date, and published stolen data from five of those attacks.
Security researchers have yet to confirm a connection between the Rhysida ransomware-as-a-service operation and other ransomware or cybercriminal groups, although some security researchers believe there may be a link with the Vice Society group, which also primarily targets the Education sector. HC3 has shared Indicators of Compromise (IoCs) in the alert to help network defenders detect attacks and several proactive steps that healthcare organizations can take to harden their defenses and prevent attacks.
The post HC3 Sounds Alarm About Rhysida Ransomware Group appeared first on HIPAA Journal.
Ransomware Attack on Prospect Medical Holdings Affects Facilities … – HIPAA Journal
Ransomware Attack on Prospect Medical Holdings Affects Facilities in Multiple States
Prospect Medical Holdings, Los Angeles, CA-based health system that operates 17 hospitals and 166 outpatient clinics in California, Connecticut, Pennsylvania, Rhode Island, and New Jersey has been hit with a ransomware attack that has disrupted operations across its network, including operations at its subsidiaries Crozer Health and the Eastern Connecticut Health Network (ECHN).
Prospect Medical Holdings said steps were immediately taken to prevent further unauthorized access and several IT systems were taken offline to protect those systems. Third-party cybersecurity specialists were engaged to investigate and determine the scope of the breach and the ransomware attack was reported to the Federal Bureau of Investigation (FBI), which has launched an investigation. The Department of Health and Human Services has offered federal assistance and said it is able to provide support, as needed, to prevent disruption to patient care.
Without access to IT systems, ambulances were diverted to other facilities in the immediate aftermath of the attack, and employees at the affected healthcare facilities adopted their emergency downtime procedures and reverted to using paper records. ECHN said it took the decision to temporarily close some of its facilities including diagnostic labs, elective surgery and gastroenterology centers, and halted outpatient medical imaging, blood draw, and physical therapy services and is contacting patients to reschedule appointments.
The attack began on Thursday and efforts are still underway to restore its systems and return to normal operations. A spokesperson for Prospect Medical Holdings said, “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.” At such an early stage of the investigation, the extent to which patient information was compromised has yet to be determined. It is currently unclear which ransomware group was behind the attack.
The post Ransomware Attack on Prospect Medical Holdings Affects Facilities in Multiple States appeared first on HIPAA Journal.
Saving lives with faxes: TXMultilisting speeds up the donor organ … – CIO Dive
Redington and Scrut Automation Collaborate to Deliver Advanced … – CXOToday.com
FTC Emerges as Leader in Health Privacy Enforcement – JD Supra
FTC Emerges as Leader in Health Privacy Enforcement – Lexology
Do you have a smartwatch? My analog ‘dumb’ watch is still tickin … – Manchester Ink Link
Do you have a smartwatch? My analog ‘dumb’ watch is still tickin ... Manchester Ink Link