Published: March 26, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
Consulate Health Care (CHC), one of the foremost providers of post-acute medical services for seniors across the nation, was recently targeted by The Hive ransomware gang. Obviously, this happened prior to the Hive gang getting thwarted by law enforcement. But it’s never too late to learn from prior events. In this case, which may happen again by a re-envisioned Hive gang or another group, it all went down through the threat of publishing stolen data of nearly 550 GB via their Tor leak site.
This is becoming a favorite tactic of ransomware groups. Hive was aiming to coerce organizations like CHC into paying up or they’d publish their patients’ very protected data.
The gang was able to gain access to multiple types of private data belonging to CHC. The launch of the attack was accompanied by a public statement and proof in the form of leaked samples that included contracts, nondisclosure agreements (NDAs), as well as budget plans, customer evaluations, employee information such as social security numbers or emails, and customers' records including medical histories and credit cards.
According to Hive, they attacked CHC directly on December 3, 2022, but the organization only disclosed information about the attack on January 6, 2023. In CHCs notice, it was a vendor who was breached. However, those details don’t matter as much as the fact that it happened.
When a security researcher initially noticed the 550 GB of data stolen, including confidential customer and employee PII information, it became clear very quickly that negotiations with the ransomware gang had stalled and they opted to release all the stolen data in less than three hours.
Was not paying up the correct strategy for CHC? The answer is up to them. However, while no amount of cybersecurity training is foolproof, it’s never a bad idea to keep everyone updated on the latest threats, like this one. If employees and contractors alike know how to identify phishing, the lower the risk of something like this happening to the organization. And lowering risk of a ransomware attack is always good.
There are many options for cybersecurity, and specifically phishing, awareness training. Take time to check out what is best for your organization and implement it. Be sure to do ongoing training. One time a year just isn’t enough these days as threats evolve and often get copied and modified to meet the cybercriminal’s needs. Just because law enforcement does take down cybercrime gangs from time to time, it doesn’t mean they just go away. In fact, they are likely to do what the rest of us do; move on to another organization to continue doing what they do.
DataBreaches mentioned that the negotiations between CHC and the ransomware group ended several weeks before news got out because the amount demanded was unaffordable. The counteroffer wasn’t enough for the gang and CHC’s insurance would not cover any amount of a ransomware payment.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com