In February 2024, the healthcare sector witnessed another cybersecurity breach when the notorious Rhysida Gang executed a sophisticated ransomware attack on a leading pediatric hospital. This incident not only disrupted the hospital's operations but also posed a direct threat to the safety and well-being of its young patients.
Who is the Rhysida Gang?
The Rhysida Gang is known for its ransomware attacks on a variety of targets, distinguishing itself through the sophistication of its attacks, the meticulousness of its operations, and its relentless pursuit of ransom payments. The gang employs advanced encryption techniques to lock victims out of their systems and demands payment in cryptocurrency for the decryption keys, complicating efforts to track and apprehend its members.
Since 2023, Rhysida has launched a cyber attack on the British Library, compromising its systems and potentially exposing sensitive data. It also targeted the Sony-owned video game developer Insomniac Games, known for titles like Spider-Man and Ratchet & Clank. In both cases, Rhysida demanded a ransom payment in Bitcoin. During its operation, Rhysida has not only caused significant financial losses for many of its victims but has also disrupted critical services and supply chains, highlighting the gang's capability and willingness to inflict widespread harm.
The latest attack details
On the 27th of February 2024, Ann & Robert H. Lurie Children's Hospital of Chicago was targeted and attacked by the Rhysida Gang. Once inside, the attackers deployed their ransomware, encrypting critical files and rendering medical records, patient management systems, and internet-connected equipment inoperable. As a result, staff were forced to use pen and paper to record clinical results, notes and prescriptions, and parents struggled to contact their children's medical team.
The hospital's data, which amounts to 600GB, is being offered for sale on the dark web for a price of 60 bitcoin, equivalent to about $3.4 million. The investigation into the attack is ongoing, and law enforcement and security experts are actively involved in addressing the situation.
Rhysida is considered an established Ransomware-as-a-Service (RaaS) group, and while not the most prolific, it has been responsible for a significant number of attacks in the healthcare sector. Prior to targeting the pediatric hospital, the Rhysida Gang had already established a track record of high-profile attacks and had previously targeted 16 hospitals in the U.S.
Hospitals represent an attractive target for cybercriminals for several reasons. Firstly, they are integral to public health and safety, making them more likely to pay ransoms quickly to restore services and protect patient care. The healthcare sector's reliance on real-time access to patient data for diagnosis and treatment further exacerbates its vulnerability. Additionally, many healthcare institutions operate on tight budgets, often resulting in outdated IT infrastructures and insufficient cybersecurity measures. This combination of high stakes, urgency, and potential weaknesses makes hospitals particularly susceptible to ransomware attacks.
The broader implications
The Rhysida Gang's attack on the pediatric hospital underscores a growing trend in cybercrime: the targeting of institutions that are critical to public welfare. In response to the attack, cybersecurity professionals are encouraged to adopt a multifaceted approach to defense, including regular updates to IT infrastructure, the implementation of advanced threat detection systems, and the cultivation of a cybersecurity-aware culture among all staff members. Collaboration with law enforcement and cybersecurity firms is also crucial in addressing the complex challenges posed by groups like the Rhysida Gang.