Rhysida claims ransomware attack on Prospect Medical, threatens to sell data



Since then, PMH hospital networks, such as CharterCare, now state that systems are up and running again but are still restoring patient records.

"Work to input paper patient records used by our caregivers while our systems were down into our electronic medical record (EMR) system is ongoing," reads a notice on CharterCare.org.

However, BleepingComputer was told there had been no communication to employees about whether their data was stolen in the attack.

Rhysida claims attack

Rhysida is a ransomware operation that launched in May 2023 and quickly rose to notoriety after attacking the Chilean Army (Ejército de Chile) and leaking its data.

Earlier this month, the US Department of Health and Human Services (HHS) warned that the Rhysida gang was behind recent attacks on healthcare organizations.

Now, the Rhysida ransomware gang has claimed the attack on Prospect Medical Holdings, threatening to sell the company's allegedly stolen data for 50 Bitcoins (worth $1.3 million).

The threat actors claim that they stole 1 TB of documents and a 1.3 TB SQL database containing 500,000 social security numbers, passports, driver's licenses, corporate documents, and patient's medical information.

"They kindly provided: more than 500000 SSN, passports of their clients and employees, driver's licenses, patient files (profile, medical history), financial and legal documents!!!," reads the Rhysida data leak site.

The gang's data leak site also shared numerous screenshots of driver's licenses, social security cards, documents, and what appears to be patients' medical information.

Some screenshots showed leaked documents containing letterhead for Eastern Connecticut Health Network, one of PMH's hospital networks.

BleepingComputer has contacted PMH with questions about the leaked data but has not received a response at this time.

Source: BleepingComputer