Skip to content

Rhysida Claims Major Data Theft From 2 More Health Systems

August 9, 2024 – Published on HealthcareInfoSecurity

Ransomware group Rhysida is shaking down at least two new victims in the healthcare sector – Bayhealth and Community Care Alliance – threatening to sell or dump patients’ sensitive health and personal information on the dark web.

Rhysida’s latest alleged victims include Delaware-based Bayhealth, a not-for-profit healthcare system with several hospitals, 4,000 employees, and 650 physicians and other clinicians – and also Rhode Island-based Community Care Alliance, which offers programs for individuals dealing with mental illness, addiction, housing issues and trauma-related issues.

Rhysida has been at the center of several recent high-profile hacks in the healthcare sector, including an attack on Ann & Robert H. Lurie Children’s Hospital of Chicago that disrupted the pediatric hospitals’ IT systems for weeks and resulting in data theft affecting nearly 776,000 people.

Rhysida’s ransomware operations date back to at least June of 2023, when security experts first observed victims posted to the group’s data leak site, said Jason Baker, senior threat consultant at GuidePoint Security.

“In that time, we’ve seen the group post 114 victims – excluding any which may have opted to pay the ransom before posting,” he said.

Some security research from late 2023 to present day found ties between Rhysida and the now-defunct Vice Society ransomware and extortion group, based largely on the overlapping emphasis on education and healthcare organizations, sequential operations and some overlaps in tactics, techniques and procedures, he said.

Read More HERE.