The Hunters International ransomware gang claimed to be behind a cyberattack on the Fred Hutchinson Cancer Center that resulted in patients receiving personalized extortion threats.
Fred Hutch is a Seattle-based cancer research and patient care and treatment center operating a network of more than ten clinical sites in the region.
The health organization quarantined the impacted servers, took its clinical network offline to prevent the spread of the threat, and notified the federal law enforcement authorities of the attack.
The investigation conducted with the help of a leading forensic expert has not produced evidence that the attackers stole patient data, according to the notice on Fred Hutch's website.
Today, the ransomware group Hunters International has added Fred Hutchinson to their extortion portal on the dark web, threatening the healthcare organization with leaking 533.1GB of data allegedly stolen from its networks.
The threat actors have only published thumbnails of select documents they claim to have exfiltrated from Fred Hutch's networks, so the blackmail is still underway.
Last week, it was reported that the threat actors responsible for the attack on Fred Hutch were emailing patients individually, threatening them with public disclosure of their sensitive data.
As reported by the Seattle Times, the attackers emailed many patients stating they have the names, Social Security numbers, phone numbers, medical history, lab results, and insurance history of over 800,000 patients.
These emails reportedly contained recipients' personal information as proof, including a patient's address, phone number, and medical record number, and a link to a site where they could pay $50 to prevent the data from being sold.
Fred Hutch issued a warning about the email messages and notified law enforcement.
They told patients who received the emails not to pay the threat actors and instead block the sender and delete the email.
Calling or emailing customers, contractors, and partners of a breached organization to pressure the victim is not new toto ransomware.
It is not common for threat actors to offer exposed individuals a way to prevent their data from being released.
Hunters International is a fairly new Ransomware-as-a-Service operation that is believed to be a rebrand of the Hive ransomware operation due to similarities in the encryptor's code.
Hunters International has denied any connection to Hive, saying that they purchased the software and website from the defunct ransomware operation.
Last week, the threat group claimed an attack against Austal USA, a prominent shipbuilding contractor for the U.S. government.
Norton Healthcare discloses data breach after May ransomware attack.
Ardent hospital ERs disrupted in 6 states after ransomware attack.
TransForm says ransomware data breach affects 267,000 patients.
Navy contractor Austal USA confirms cyberattack after data leak.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 15 Dec 2023 16:50:23 +0000