In a shocking development within the healthcare sector in the United States, the BlackCat ransomware group, also known as ALPHV, has made a threatening claim against one of Michigan’s largest healthcare companies. The group asserts that they are responsible for the alleged cyber attack on McLaren Healthcare. This announcement comes at a time when the healthcare industry is already grappling with the havoc caused by cyber criminals.
The ransomware group, which recently added an API to its leak website to make it more user-friendly, warned a Michigan-based healthcare provider that it would release stolen data if the ransom is not paid. ALPHV published its threat regarding what it calls the largest healthcare data breach on September 28, 2023. Cybersecurity analyst Dominic Alvieri shared screenshots of the group’s dark web portal on Twitter, bringing attention to the McLaren Healthcare cyber attack.
According to Dominic, the ransomware attack on McLaren Healthcare impacted a network of 15 hospitals and two HMOs on September 5, 2023. This incident resulted in an IT outage, causing delays in billing and electronic health record systems. The McLaren Healthcare IT team detected suspicious activity during routine monitoring, leading to a shutdown of the systems for further investigation. Employees were forced to resort to using their personal cellphones to communicate during the shutdown.
The hackers involved in this cyber attack posted the flag of Michigan in their threat, likely to maintain the anonymity of the Michigan hospital while putting pressure on it to pay the ransom. ALPHV, to which the MGM Resorts ransomware attack is also attributed, claimed responsibility for targeting one of Michigan’s largest healthcare companies.
The ransomware group claims to have exfiltrated a whopping 6 Terabytes of data from the Michigan hospital. The sheer scale of the data exfiltration, coupled with the hospital’s reputation, has prompted ALPHV to label it as the largest healthcare data breach. Although the hackers did not specify the nature of the stolen data in their message, it is presumed to include patient information such as names, diagnoses, and contact details. The message by ALPHV highlighted the fact that the medical and personal data of several million US citizens are at stake.
The group also mentioned that the exfiltrated data contains video material related to the healthcare system’s operations. Interestingly, ALPHV commended the security mechanisms implemented by McLaren Healthcare, indicating that substantial measures were required to access the 6 Terabytes of files on the network. This differs from the group’s criticism of the weak security infrastructure at MGM Resorts in a previous attack.
The message by ALPHV concluded with an offer to negotiate a reasonable solution to maintain the reputation and safety of the hospital’s patients. However, if the payout is not made, ALPHV plans to release the 6 Terabytes of exfiltrated data from the Michigan healthcare system in the coming days.
ALPHV, also known as the BlackCat ransomware group, has been a persistent threat to numerous organizations worldwide. Recent victims of their attacks include Paincare in the Netherlands, Yusen Logistics in Japan, Taoglas in the United States, Ruko in Germany, and Mole Valley Farmers in the United Kingdom. The group has also claimed responsibility for cyber attacks on Ende in Angola, Arail in Saudi Arabia, and Unique Engineering in Thailand, displaying the expanding reach of their malicious infrastructure.
It is essential to note that this report is based on internal and external research obtained from various sources. The information provided is for reference purposes only, and users are responsible for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
As healthcare organizations continue to face unprecedented cyber threats, it is crucial for them to strengthen their security measures and invest in robust cybersecurity systems to protect patient data and maintain the trust and safety of their patients.
