Prospect Medical Holdings patient data at stake in $1.3 million dark web auction

by John R. Fischer, Senior Reporter | August 30, 2023
Rhysida ransom group has claimed responsibility for a cyberattack in early August on Prospect Medical Holdings' hospital and clinic network.
Data belonging to over half a million patients and employees at hospitals operated by Prospect Medical Holdings are up for sale for 50 bitcoin ($1.3 million) on a live auction site on the dark web created by the Rhysida ransom group.

The hackers claimed responsibility for a ransomware attack on August 3 that has left many of PMH’s Northeast facilities still closed or unable to use online services, according to Cybernews.

Based in Los Angeles, PMH is made up of 17 hospitals and more than 165 outpatient facilities and clinics in Connecticut, New Jersey, Pennsylvania, Rhode Island, and Southern California.

On its auction page, the group said on August 24 that it had “kindly been provided” social security numbers, passports, driver's licenses, patient medical files, and legal and financial documents for patients and employees, and set a countdown date to September 1 for a sale. It also listed information from Pierce College in Northwestern Washington state.

“Introducing our new partners — Prospect Medical Holdings. If you are interested in our partner's confidential documents, you will be able to purchase them too!!! Total 1TB unique files, as well as 1.3TB SQL database,” said Rhysida on the auction page.

The group says it will sell all the data to one buyer, and it has listed samples of the data on a separate linked page.

The attack has triggered investigations by local FBI field offices at certain hospitals, including Waterbury Hospital in Connecticut, which is currently using paper records. It also caused network shutdowns at nearly half a dozen hospitals and facilities in Pennsylvania under the PMH subsidiary Crozer Health. PMH has not said when it expects services will return to normal.

At the top of all affected PMH hospital websites is a banner saying, “Prospect Medical Holdings, along with all Prospect Medical facilities, is experiencing a systemwide outage. We are working to resolve the issue as soon as possible and regret any inconvenience.”

The group is new, according to the U.S. Department of Health and Human Services, and allegedly has ties to the Vice Society Ransom gang, which is known for attacking educational institutions in the U.S., U.K., and Canada.

Rhysida primarily attacks organizations in Western Europe, North and South America, and Australia within the healthcare, education, government, manufacturing, and technology sectors, typically using phishing attacks and Cobalt Strike, reported Cybernews.

It made headlines in May when it breached, stole, and leaked sensitive data from the Chilean government online. To date, it has 40 victims listed on its dark leak site, including PMH.

PMH is managed by Medical Properties Trust (MPT), the largest hospital real estate firm in the U.S. MPT was the subject of controversy earlier this month after it was revealed that it chose not to disclose a recapitalization agreement that PMH entered into to pay off its debts.
