A cybercriminal gang known as RansomHub has claimed responsibility for a recent hacking incident affecting patients at over two dozen skilled nursing and rehabilitation facilities, as well as a home healthcare unit. The Russian-speaking group alleges to have stolen 250 gigabytes of data in the attack, impacting tens of thousands of individuals.
HCF Management, a company based in Ohio, operates healthcare facilities in Ohio and Pennsylvania. Following the hack last fall, the company reported at least 25 data breaches to regulatory authorities on January 9. Approximately 70,000 people were affected by the incident, with the largest breach occurring at Heritage Health Care’s home healthcare division, impacting 12,162 individuals. Additionally, Hempfield Manor in Pennsylvania reported the most affected patients among HCF facilities, with 4,744 individuals impacted.
RansomHub first targeted HCF on October 29, 2024, and subsequently claimed to have leaked 250 gigabytes of data from the organization on their dark web platform. HCF discovered the unauthorized access on October 3, 2024, and took immediate steps to secure their network. A forensic firm was engaged to assist in identifying the extent of the breach, which was found to have exposed sensitive information such as names, addresses, Social Security numbers, and medical details.
As a result of the breach, HCF is facing multiple federal class action lawsuits alleging negligence in safeguarding patient data. The organization has yet to confirm whether ransomware was involved in the incident or provide further details on the lawsuits.
The healthcare sector has seen a surge in ransomware attacks in recent years, with HCF being one of many victims of such incidents. According to a report by security firm Black Kite, healthcare ranked third in the number of ransomware incidents in 2024, after the manufacturing and professional services industries. While RansomHub has been linked to several high-profile attacks in healthcare, other ransomware gangs have been increasingly targeting the sector as well.
In 2024, Everest led the pack with 25% of its ransomware victims in healthcare. Other notable groups targeting the sector included INC Ransom, Monti, and Rhysida. The report highlighted the heightened risk profile for the healthcare sector due to the prevalence of ransomware attacks, with physician offices and hospitals being the most targeted organizations.
Aside from HCF, Memorial Hospital and Manor in Georgia were also affected by a ransomware incident last fall, disrupting their IT systems for several days. Despite these challenges, the healthcare sector continues to be a target for cybercriminals, necessitating enhanced cybersecurity measures to protect sensitive patient information.