Heartland Health Centers Targeted by LockBit 3.0 Ransomware

Incident Date:

May 9, 2024

World map



Heartland Health Centers Targeted by LockBit 3.0 Ransomware


Heartland Health Center




Lawrence, USA

Kansas, USA

First Reported

May 9, 2024

Ransomware Attack on Heartland Health Centers

Victim Profile

Heartland Health Centers, a comprehensive healthcare organization operating in the USA, was targeted in a ransomware attack by the LockBit 3.0 cybercriminal group. The organization provides integrated, patient-centered care, including primary care, dental services, reproductive health care, and a full-service pharmacy.

Company Size and Standout Features

Heartland Health Centers falls within the range of 1,001-5,000 employees and is known for its commitment to expanding access to healthcare, promoting healthy lifestyles, and building healthy communities. The organization has been recognized as one of the top 10% of health clinics in the country and has received awards for quality excellence in healthcare.

Vulnerabilities and Attack Details

The ransomware attack on Heartland Health Centers involved the exfiltration of 28 GB of sensitive data, including accounting, financial documents, HR records, confidential documents, and clinical data. The attackers, LockBit 3.0, leaked a sample of the exfiltrated data, highlighting the serious threat posed by cybercrime to organizations, especially those in the healthcare sector.

Ransomware Group Distinction

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous versions of LockBit. The group is known for its advanced encryption capabilities, obfuscation techniques, and the ability to move laterally through networks, making it challenging for security researchers to analyze and defend against.

Possible Penetration Methods

LockBit 3.0 has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations. The ransomware group may have penetrated Heartland Health Centers' systems through phishing emails, vulnerable software, or exploiting weak network security measures.

LockBit May Attacks

This is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced following the disruption of its infrastructure in February during "Operation Cronos." Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach highlight the challenges in combating cybercrime effectively.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.