Daixin attacks Columbus Regional Healthcare System

Incident Date:

June 10, 2023

World map

Overview

Title

Daixin attacks Columbus Regional Healthcare System

Victim

Columbus Regional Healthcare System

Attacker

Daixin

Location

Whiteville, USA

North Carolina, USA

First Reported

June 10, 2023

The Daixin Ransomware Gang's Attack on Columbus Regional Healthcare System

The Daixin ransomware gang has attacked the Columbus Regional Healthcare System. The Columbus Regional Healthcare System is a nationally recognized health system serving a ten-county region in south-eastern Indiana. Daixin has stolen and leaked 70GB of private information, including sensitive patient data. Although it's unknown what the ransomware gang demanded as ransom, the fact that Daixin leaked the data suggests that the Columbus Regional Healthcare System refused to pay.

The Daixin Group: A Ransomware Gang

The Daixin Group is a ransomware gang. Since approximately June 2022, they have focused on the HPH Sector. Their modus operandi involves deploying ransomware to encrypt critical servers responsible for healthcare services, including electronic health records, diagnostics, imaging, and intranet services. Additionally, they engage in exfiltrating sensitive personal identifiable information (PII) and patient health information (PHI), threatening to release it unless a ransom is paid.

Method of Attack

To gain initial access to their victims, the Daixin actors exploit vulnerabilities in virtual private network (VPN) servers. One known instance involved exploiting an unpatched vulnerability in the target organization's VPN server. In another case, they used previously compromised credentials to access a legacy VPN server lacking multifactor authentication (MFA). The actors likely acquired VPN credentials by using a phishing email containing a malicious attachment.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.