ALPHV’s Largest Healthcare Data Breach Affects 15+ Hospitals


There’s shocking cybersecurity news from the healthcare sector in the US. The BlackCat ransomware group also known as ALPHV made a threat to “One of Michigan’s largest healthcare companies.” They claim to be behind the alleged McLaren Healthcare cyber attack. The dark web message posted by the ALPHV ransomware group about the ‘largest healthcare data breach’ comes at a time when healthcare across the United States is suffering the havoc caused by cyber criminals.

McLaren Healthcare Cyber Attack: Largest Healthcare Data Breach Claimed by ALPHV

The ransomware group that recently began adding API for a better experience on their leak website threatened a Michigan-based healthcare provider warning them about the release of stolen data in case the ransom is not paid.

ALPHV published the largest healthcare data breach threat on September 28, 2023. Cybersecurity Analyst Dominic Alvieri tweeted about the McLaren healthcare cyber attack with the screenshots of ALPHV ransomware group’s dark web portal.

ALPHV’s post about the healthcare data breach (Photo: Dominic Alvieri/ Twitter)

Dominic noted that the McLaren Healthcare ransomware attack caused a network of 15 hospitals and two HMOs on September 5, 2023.

ALPHV's Largest Healthcare Data Breach Affects 15+ Hospitals

The IT outage affecting the Michigan systems caused delays in billing and electronic health record. The IT team of McLaren Healthcare found suspicious activity on its systems during routine monitoring.

The health systems had to be shut down to investigate the found activities further. An employee stated that the McLaren outage led employees to use their personal cellphones to exchange messages during the shutdown.

Hackers posted the flag of Michigan in their threat to maintain the secrecy of the Michigan hospital while subtly pressuring them for a payout.

ALPHV Claims McLarens Healthcare Data Breach

The group behind the MGM Resorts ransomware attack wrote, “One of Michigan’s largest healthcare companies was attacked by our group.”

The hackers claim to have exfiltrated 6 Terabytes of data from the Michigan hospital cyber attack. This is likely why they called it the largest healthcare data breach based on the reputation of the hospital and the amount of data exfiltrated in the cyber attack.

Although they did not specify the kind of data they stole in the security breach, it can be understood that it includes patient data with their names, diagnoses, and contact details in the 6TB data heist.

“The medical and personal data of several million US citizens are at stake,” the message by ALPHV read.

They did mention that the exfiltrated data contained video material regarding the work of the healthcare.

In the message, ALPHV lauded the security mechanisms put in place by the Michigan healthcare likely due to the measures they had to take to get to the 6TB files on their network. This was not the case in the MGM Resorts ransomware attack where they made a rant about the weak security infrastructure of the global leader in resorts and casinos.

“We give a good chance to negotiate and come to a reasonable solution and maintain the reputation and money and calm of your patients, who entrusted you with their health and safety,” the largest healthcare data breach message further added.

ALPHV is set to release the 6TB of exfiltrated data from the Michigan healthcare system in ‘a few days.’

Largest healthcare data breach
Recent victims of ALPHV ransomware group (Photo: Daily Dark Web/ Twitter)

ALPHV ransomware group has been a threat to several organizations as it targets entities across the globe. In the past few weeks, the ransomware group has named Paincare in the Netherlands, Yusen Logistics in Japan, Taoglas in the United States, Ruko in Germany, and Mole Valley Farmers in the United Kingdom.

Besides them, they have also claimed cyber attacks on Ende in Angola, Arail in Saudi Arabia, and Unique Engineering in Thailand suggesting the growing malicious infrastructure of the group to target organizations across nations.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.





Source link