The Hunters Worldwide ransomware gang claimed to be behind a cyberattack on the Fred Hutchinson Most cancers Middle (Fred Hutch) that resulted in sufferers receiving customized extortion threats.
Fred Hutch is a Seattle-based most cancers analysis and affected person care and therapy middle working a community of greater than ten medical websites within the area.
Firstly of the month, the hospital disclosed a cybersecurity incident that occurred on November 19, 2023, involving unauthorized entry to its networks.
The well being group quarantined the impacted servers, took its medical community offline to stop the unfold of the menace, and notified the federal legislation enforcement authorities of the assault.
The investigation carried out with the assistance of a number one forensic professional has not produced proof that the attackers stole affected person information, in accordance with the discover on Fred Hutch’s web site. Nonetheless, investigations on that entrance have not been accomplished but.
In the present day, the ransomware group Hunters Worldwide has added Fred Hutchinson to their extortion portal on the darkish internet, threatening the healthcare group with leaking 533.1GB of information allegedly stolen from its networks.
The menace actors have solely printed thumbnails of choose paperwork they declare to have exfiltrated from Fred Hutch’s networks, so the blackmail remains to be underway.
.png)
Sufferers threatened
Final week, it was reported that the menace actors liable for the assault on Fred Hutch had been emailing sufferers individually, threatening them with public disclosure of their delicate information.
As reported by the Seattle Instances, the attackers emailed many sufferers stating they’ve the names, Social Safety numbers, cellphone numbers, medical historical past, lab outcomes, and insurance coverage historical past of over 800,000 sufferers.
“In case you are studying this, your information has been stolen and can quickly be offered to numerous information brokers and black markets for use in fraud and different felony actions,” reads the emails seen by the Seattle Instances.
These emails reportedly contained recipients’ private data as proof, together with a affected person’s handle, cellphone quantity, and medical report quantity, and a hyperlink to a web site the place they may pay $50 to stop the info from being offered.
Fred Hutch issued a warning in regards to the e-mail messages and notified legislation enforcement. Additionally, they instructed sufferers who obtained the emails to not pay the menace actors and as a substitute block the sender and delete the e-mail.
Calling or emailing clients, contractors, and companions of a breached group to strain the sufferer is not new to ransomware. Nonetheless, it’s not frequent for menace actors to supply uncovered people a method to stop their information from being launched.
Hunters Worldwide is a reasonably new Ransomware-as-a-Service (RaaS) operation that’s believed to be a rebrand of the Hive ransomware operation because of similarities within the encryptor’s code.
Nonetheless, Hunters Worldwide has denied any connection to Hive, saying that they bought the software program and web site from the defunct ransomware operation.
The menace actors goal firms of all sizes, with ransom calls for seen by BleepingComputer ranging between a whole lot of hundreds to thousands and thousands of {dollars}.
Final week, the menace group claimed an assault towards Austal USA, a outstanding shipbuilding contractor for the U.S. authorities.
