Las Vegas Hospital Suffers a Data Breach
- By Dawna M. Roberts
- Published: Jul 12, 2021
- Last Updated: Mar 18, 2022
Another healthcare organization was hit with ransomware earlier this month. The ransomware gang REvil claimed responsibility for attacking the University Medical Center (UMC) in Las Vegas, Nevada.
What Happened?
According to Infosecurity Magazine, the REvil hacker conglomerate hacked into the computer network and exfiltrated “data belonging to the hospital. Sensitive information allegedly swiped by the gang includes Nevada driver’s licenses, passports, and Social Security numbers.”
The Las Vegas Review-Journal first discovered data on the REvil gang’s darknet website belonging to six data breach victims. The group had uploaded images of the stolen data for display.
Last Tuesday, UMC released a public notice about the attack. In the notice, the company confirmed that an unauthorized intruder accessed network resources in mid-June. They also mentioned that they had initiated an investigation and were working with state and federal law enforcement on the issue.
UMC said:
“This type of attack has become increasingly common in the [healthcare] industry, with hospitals across the world experiencing similar situations.”
“There is no evidence that any clinical systems were accessed during the attack. UMC continues to work alongside the Las Vegas Metropolitan Police Department, the FBI, and [cybersecurity] experts to determine the exact origin and scope of the attack.”
Who is UMC?
According to Infosecurity Magazine,
“UMC is a nonprofit public hospital affiliated with the Kirk Kerkorian School of Medicine at UNLV and operated by the Clark County Commission. The hospital houses the Silver State’s only Level 1 trauma center.”
The healthcare organization is in the process of notifying all victims of the data breach by mail. Additionally, they are offering victims “access to complimentary identity protection and credit monitoring services.”
This latest incident is the 32nd ransomware attack on healthcare organizations in the United States. This means that more than 285 patient care facilities’ operations have been disrupted this year alone.
Who is the REvil Hacker Gang?
REvil is a notorious hacker gang with some impressive feats of criminality under their collective belts. For example, they were responsible for hacking Quanta, an Apple supplier, and demanding $50 million from Apple (who did not pay).
Cybersecurity experts believe that REvil is a Russian-backed hacker group with sophisticated skills and a brazen attitude without boundaries. The current Presidential Administration has threatened the Russian President, Vladimir Putin, with sanctions and has implied that the Russian government is protecting this group.
The group has a darknet leak website they call the “Happy Blog.” On it, they post samples of exfiltrated data to persuade victims to pay up.
To date, the group has targeted healthcare organizations, manufacturing companies, and technology giants. They hit big-money targets and demand huge ransoms. Threat assessors estimated the group has made over $100 million so far. The group demands far more in ransom than they typically receive. However, estimates say they average about $129,000 per strike.
Security experts say that the group operates like a legitimate company, with a customer service department and support, and that they use Craigslist to post job ads for new recruits. According to CNBC, one such ad read, “We have 1 position for a person that gains accesses to networks, that already have active accesses. Monday we’ll announce one of our largest attacks. We work 24x7. We are stable. We make money — a lot of money. We are waiting for you in our direct message.”
The group has a reputation for being ruthless and scary. As a result, many companies pay up because they are terrified that the stolen data will show up online, risking exposure that could damage their reputation or prompt stakeholders to pull out.