Ransomware Attack: Ransomware targets healthcare organization


A recent ransomware attack targeted Ardent Health Services, a Tennessee-based healthcare provider, during the Thanksgiving holiday, resulting in significant disruptions across its thirty US hospitals located in East Texas, New Jersey, Idaho, New Mexico, and Oklahoma. The incident forced the diversion of ambulances to alternative facilities as Ardent's technology team swiftly responded to protect data and restore system functionality. In a proactive move, the network was taken offline, suspending access to various IT applications, including corporate servers, the internet, and clinical programs. Law enforcement has been notified, and Ardent is collaborating with third-party forensic and threat intelligence advisors. The extent of compromised patient health or financial data remains uncertain at this time.

In a parallel development, Vanderbilt University Medical Center in Nashville, Tennessee, is investigating a cybersecurity incident involving a compromised database. Preliminary findings indicate that the compromised database did not contain personal or protected information about patients or employees.

Adding to the complexity of the cybersecurity landscape in the healthcare sector, Welltok, a patient engagement company, reported a breach earlier this year following an attack by the Clop ransomware group. This incident exposed the data of at least 426,000 patients from Premier Health in Ohio and another company based in Georgia.

These incidents underscore the vulnerability of healthcare organizations, highlighting the attractiveness of these entities as targets for cyber attackers. Security professionals face considerable challenges in both preparing for and responding to these threats.

BlackBerry's Global Threat Intelligence Report for Q3 2023 further accentuates the severity of the situation, revealing a staggering 70% increase in unique malware samples compared to the previous quarter. The financial services sector remains a prime target, with indications suggesting that cybercriminal groups are possibly launching attacks on various institutions across diverse economic sectors. This trend is attributed, in part, to the proliferation of Malware-as-a-Service (MaaS) platforms like RustyStealer, RedLine, and Lumma Stealer, readily available on underground forums and marketplaces. These developments have led to a convergence of attacks on traditional cybercrime targets and critical infrastructure in various countries, facilitated by the use of shared and commodified tools. Notably, the healthcare industry has witnessed a substantial 181% increase in unique malware attacks, emphasizing the pressing need for robust cybersecurity measures in the face of evolving threats.
