Healthcare Platform Sermo Hit by Ransomware Attack
Incident Date:
April 9, 2024
Overview
Title
Healthcare Platform Sermo Hit by Ransomware Attack
Victim
Sermo
Attacker
Blackbasta
Location
First Reported
April 9, 2024
Ransomware Attack on Sermo
A cyberattack perpetrated by BlackBasta targeted Sermo, a social network tailored for physicians. During the attack, 700 GB of sensitive data, including personal and financial records, as well as ongoing projects, were exfiltrated. Subsequently, a portion of this data was leaked, and a ransom deadline was set for April 16, 2024.
Victim Profile
Established in 2005 and headquartered in New York City, Sermo boasts a user base of over 305,000 verified US physicians and 38,000 UK physicians. With 82 employees, the company serves as a platform for medical professionals to engage in discussions, seek second opinions, and share insights.
Industry Standing
Sermo holds a unique position in the healthcare services sector as the largest healthcare professional polling and survey company globally, boasting 1.6 million healthcare professionals across 80 countries. Annually, the platform conducts around 700,000 surveys, fostering knowledge exchange and collaboration among healthcare professionals worldwide.
Vulnerabilities
Due to its significant presence in the healthcare industry and the sensitive nature of the data it handles, Sermo became an attractive target for BlackBasta. The ransomware group's tactics, including double extortion and encryption using the XChaCha20 algorithm, pose a substantial threat to the operations of platforms like Sermo. BlackBasta's ransom demands, often reaching millions of dollars, could inflict severe financial repercussions on the affected organizations.
Sources:
- Pitchbook - Sermo Company Profile
- Craft - Sermo Overview
- Tracxn - Sermo Company Information
- RocketReach - Sermo Profile
- BBB - Sermo Inc. Profile
- Proven Data - Black Basta Ransomware
- Tata Communications - Guide to Black Basta Ransomware
- HHS - Black Basta Threat Profile
- Darktrace - Black Basta Old Dogs with New Tricks
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.