daixin attacks OAKBEND
Incident Date:
September 13, 2022
Overview
Title
daixin attacks OAKBEND
Victim
OAKBEND
Attacker
Daixin
Location
First Reported
September 13, 2022
OakBend Medical Center Hit by Ransomware Attack: A Comprehensive Analysis
Victim Profile
OakBend Medical Center, a nonprofit hospital system, serves the Houston metropolitan area with three hospitals, emergency centers, imaging centers, and physical therapy clinics. Renowned for its personalized patient care and community involvement, the center became a significant target for cybercriminals.
Size and Impact
The ransomware attack, occurring on September 1, 2022, compromised the sensitive data of over 500,000 individuals, potentially affecting more than one million patient records. The stolen data included names, dates of birth, addresses, email addresses, and social security numbers, marking a significant breach of privacy and security.
Vulnerabilities
This incident highlights the healthcare sector's susceptibility to cyber threats. The FBI Internet Crime Complaint Center (IC3) reports that healthcare accounts for 25% of ransomware complaints across all critical infrastructure sectors. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have identified Daixin Team as the group behind this and similar attacks, emphasizing their focus on the Healthcare and Public Health (HPH) Sector since June 2022.
Mitigation Strategies
In response, OakBend Medical Center collaborated with experts from Microsoft, Dell, and Malware Protects to eradicate the malware and rebuild its IT infrastructure. The adoption of multi-factor authentication and the implementation of a new software system for threat monitoring are critical steps towards enhancing their cybersecurity posture.
Sources
- OakBend Medical Center: Healthcare Services, Emergency Room
- OakBend Medical Center Hit with Ransomware; Attackers Claim to Have Stolen Personal Data of Millions of US Citizens
- Massive Ransomware Attack Slams Nonprofit Texas Hospital
- Texas Hospital Rebuilding Communication Systems After Ransomware Attack
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.