LockBit 3.0 Strikes Malama I Ke Ola Health Center

Incident Date:

June 7, 2024

World map

Overview

Title

LockBit 3.0 Strikes Malama I Ke Ola Health Center

Victim

Malama I Ke Ola Health Center

Attacker

Lockbit3

Location

Wailuku, USA

Hawaii, USA

First Reported

June 7, 2024

LockBit 3.0 Ransomware Attack on Malama I Ke Ola Health Center

Overview of Malama I Ke Ola Health Center

Situated in Wailuku, Maui, Hawaii, Malama I Ke Ola Health Center is a comprehensive primary care clinic serving nearly 12,000 patients. The center offers integrated health services focusing on physical, mental, and behavioral health. Their family-centered approach includes care for newborns, children, adolescents, and young adults up to 26 years of age. The health center also provides OB/GYN and dental services, and their street medicine team delivers care to homeless and marginalized populations.

Details of the Ransomware Attack

In early June 2024, the LockBit 3.0 ransomware group executed an attack on Malama I Ke Ola Health Center, causing significant operational disruptions. The health center abruptly closed due to IT issues and remained shut for over two weeks, recently reopening with limited services and resorting to paper charting. Patients were initially informed of the closure via text on May 7th, followed by multiple extensions, causing considerable stress for both patients and staff. Concerns have arisen regarding the challenges of reverting to paper records and the potential backlog once systems are restored. Despite fears of data breaches, there has been no confirmation of any breach of confidentiality.

About LockBit 3.0 Ransomware Group

LockBit 3.0, also known as LockBit Black, is an advanced variant of the LockBit ransomware group, emerging in 2022. It operates under a Ransomware-as-a-Service (RaaS) model, allowing other cybercriminals to use their malware for attacks. LockBit 3.0 is known for its enhanced infection capacities and customization options, making it one of the most dangerous and disruptive ransomware threats. The group has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations globally.

Potential Vulnerabilities and Penetration

The attack on Malama I Ke Ola Health Center coincided with the center's planned transition to a new electronic health record system starting April 20th, leading to speculation about its role in the IT issues. The health center's reliance on digital systems for comprehensive care made it a prime target for ransomware attacks. LockBit 3.0's ability to move laterally through a network and delete traces of itself likely facilitated the penetration and subsequent disruption of the health center's operations.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.