Rhysida claims Bayhealth Hospital breach
Known for phishing attacks and the exploitation of legitimate cybersecurity tools, Rhysida claimed to have hit Bayhealth Medical Center, which serves central and southern Delaware.
WHY IT MATTERS
Showcasing screenshots of stolen passports and ID cards as proof, the Rhysida Ransomware group gave nonprofit Bayhealth Hospital one week to pay the ransom and avoid the leak, according to a report Thursday in Security Affairs.
“With just 7 days on the clock, seize the opportunity to bid on exclusive, unique and impressive data,” Rhysida announced on its Tor leak site Wednesday.
“Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner!”
We have contacted Bayhealth and will update the story if a statement is provided.
THE LARGER TREND
While the group lacks overt affiliations with other ransomware groups, it avoids targeting former Soviet Republic or bloc countries and Central Asia’s Commonwealth of Independent States, according to an August 2023 alert from the Health Sector Cybersecurity Coordination Center.
HC3 said in the alert that in addition to social engineering attacks, the group exploits known vulnerabilities in software across compromised systems after first deploying Cobalt Strike or other frameworks, similar to Black Basta. The PDF notes the group leaves behind are written as if to provide a customer service experience.
Rhysida also claimed the ransomware attack on Prospect Medical Holdings of Los Angeles, disrupting care at hospitals and medical services in Connecticut and in several other states that month.
Then in November, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency issued a joint cybersecurity advisory indicating the group leases tools via a revenue-sharing model.
ON THE RECORD
“Rhysida actors reportedly engage in ‘double extortion’ [T1657] – demanding a ransom payment to decrypt victim data and threatening to publish the sensitive exfiltrated data unless the ransom is paid,” the FBI and CISA said in their advisory.
Andrea Fox is senior editor of Healthcare IT News.
E-mail: afox@himss.org
Healthcare IT News is a HIMSS Media publication.