RansomHub Claims Planned Parenthood Hack, Steals 93GB of Sensitive Data


RansomHub claims to have breached Intermountain Planned Parenthood, stealing 93GB of data. The healthcare provider is investigating the cyber attack while experts warn of escalating ransomware threats to critical sectors.

The notorious RansomHub ransomware group has claimed responsibility for breaching Planned Parenthood, a leading U.S. healthcare provider. Specifically, the group has targeted Intermountain Planned Parenthood, a branch located in Montana.

According to the Hackread.com research team, RansomHub posted a sample of the alleged stolen data on its dark web leak site. The data reportedly includes 93GB of sensitive information. The group has threatened to release the stolen data unless a ransom is paid, although the exact amount demanded is still unclear.

Screenshot from the gang’s dark leak site (Screenshot: Hackread.com)

Planned Parenthood has acknowledged the breach and is taking steps to manage the situation. An investigation is underway to assess the full extent of the data compromised. Martha Fuller, CEO and president of Planned Parenthood of Montana (PPMT), issued a statement:

“On August 28, 2024, Planned Parenthood of Montana (PPMT) identified a cybersecurity incident affecting our IT systems. We immediately implemented our incident response protocols, including taking portions of our network offline as a proactive security measure,” Fuller told Hackread.com.

RansomHub, a ransomware-as-a-service (RaaS) group, first emerged in February 2024. The group primarily engages in data theft and extortion, rather than encrypting files. Security experts believe RansomHub evolved from the now-defunct Knight ransomware, previously known as Cyclops.

The group has already claimed more than 210 victims across various critical infrastructure sectors. This attack on Planned Parenthood follows a security advisory issued by the FBI and CISA, warning about the group’s increased activity.

Ferhat Dikbiyik, Chief Research and Intelligence Officer of Black Kite, provided insight into RansomHub’s growing influence:

“RansomHub’s rapid rise to the top of the ransomware ecosystem is fueled by its aggressive affiliate model and a growing list of victims, including major players like Halliburton and Planned Parenthood, but unlike older groups, they’ve attracted affiliates by offering a 90% cut and upfront payments, driven by the downfall of AlphV and LockBit.”

“Approximately 40% of their attacks target professional services and manufacturing sectors, with U.S. companies accounting for one-third of their victims. Critical industries, such as energy, healthcare, telecommunications, and financial services, are most affected,” he explained.

Dikbiyik also noted the broader implications of these attacks: “The Halliburton breach, impacting a key player in the energy sector, highlights the ripple effects these attacks can have, from supply chain disruptions to energy shortages. The Planned Parenthood attack shows RansomHub’s focus on organizations with sensitive data. Their strategy of exploiting vulnerabilities underscores the need for organizations to tighten vulnerability management and third-party risk monitoring, especially as critical infrastructure continues to be a prime target.”

This is not the first time Planned Parenthood has faced a cyber attack. In July 2015, the organization was targeted by DDoS attacks and a security breach carried out by anti-abortion hacktivists. These attacks occurred after a controversial undercover video alleged that the organization was involved in donating fetal tissue for medical research.

The recent ransomware attack shows that no organization is immune from cyber threats, regardless of its size or mission. This article will be updated with new information. Stay tuned!
