The Vice Society ransomware group states to have carried out a ransomware attack on United Health Centers of San Joaquin Valley, a healthcare provider in California. United Health Centers manages over 20 community health centers in the counties of Fresno, Tulare, and Kings.
The Vice Society ransomware gang appeared in the middle of-2021 and is thought to originate from the HelloKitty ransomware group. The group is known to employ various strategies to obtain access to the network of victims, such as taking advantage of vulnerabilities for example the PrintNightmare bugs.
The group is noted for exfiltrating information from its victim’s systems before deploying ransomware to encrypt data files. Information is then posted on its data leak website to compel victims to give the ransom payment. This attack seems to be the same. Bleeping Computer states it was informed on August 31, 2021 regarding the United Health Centers ransomware attack by a respected cybersecurity community member who mentioned the healthcare company’s whole network was closed down because of the attack.
The cyberattack report is not yet displayed on the HHS’ Office for Civil Rights Breach website or the California Attorney General and United Health Centers website when this was written. HIPAA requires covered entities to issue breach notifications within 60 days after discovering a breach.
Bleeping Computer states that the Vice Society group has already exposed information purportedly acquired during the attack on its data leak site, a number of which includes protected health information (PHI). Databreaches.net has examined a few of the dumped records and affirmed they included PHI for example names, birth dates, insurance details, diagnostic codes, treatment and service codes, and dates of service, in addition to a folder that contains records of patients who had delinquencies on their accounts and were forwarded to debt collection services in 2012. A few of those data files contained patients’ diagnosis data, other types of PHI, and Social Security numbers.
Bleeping Computer stated the attack resulted in a serious interruption to its IT systems, though the healthcare company had backups not affected by the attack. United Health Centers has already begun re-imaging computer systems and reestablishing information from backups. That, together with the data dump, hints that it paid the ransom.
Bleeping Computer and Databreaches.net mentioned they tried to contact United Health Centers several times however it did not give a response regarding the attack.
Although a number of ransomware-as-a-service operations put limitations on industry markets to attack and steer clear of the healthcare sector, Vice Society undoubtedly is not one of them. Around 20% of its attacks are executed on the healthcare industry.