Healthcare Platform Sermo Hit by Ransomware Attack

Incident Date:

April 9, 2024

World map

Overview

Title

Healthcare Platform Sermo Hit by Ransomware Attack

Victim

Sermo

Attacker

Blackbasta

Location

New York, USA

New York, USA

First Reported

April 9, 2024

Ransomware Attack on Sermo

A cyberattack perpetrated by BlackBasta targeted Sermo, a social network tailored for physicians. During the attack, 700 GB of sensitive data, including personal and financial records, as well as ongoing projects, were exfiltrated. Subsequently, a portion of this data was leaked, and a ransom deadline was set for April 16, 2024.

Victim Profile

Established in 2005 and headquartered in New York City, Sermo boasts a user base of over 305,000 verified US physicians and 38,000 UK physicians. With 82 employees, the company serves as a platform for medical professionals to engage in discussions, seek second opinions, and share insights.

Industry Standing

Sermo holds a unique position in the healthcare services sector as the largest healthcare professional polling and survey company globally, boasting 1.6 million healthcare professionals across 80 countries. Annually, the platform conducts around 700,000 surveys, fostering knowledge exchange and collaboration among healthcare professionals worldwide.

Vulnerabilities

Due to its significant presence in the healthcare industry and the sensitive nature of the data it handles, Sermo became an attractive target for BlackBasta. The ransomware group's tactics, including double extortion and encryption using the XChaCha20 algorithm, pose a substantial threat to the operations of platforms like Sermo. BlackBasta's ransom demands, often reaching millions of dollars, could inflict severe financial repercussions on the affected organizations.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.