Ransomware Attack on Instituto Cardiovascular del Cesar by Meow Ransomware Group

On September 2, 2024, the Instituto Cardiovascular del Cesar (ICVC), a prominent healthcare institution in Colombia, specializing in cardiovascular care, became the latest victim of a ransomware attack orchestrated by the notorious Meow ransomware group. This incident has raised significant concerns about the security of sensitive medical information and the potential impact on patient care and privacy.

About Instituto Cardiovascular del Cesar

Instituto Cardiovascular del Cesar S.A. (ICVC) is a private healthcare organization based in Valledupar, Colombia. Established in 2005, ICVC specializes in medium and high-complexity cardiovascular services. The institution is dedicated to providing advanced medical services, particularly in the field of cardiovascular health, for both adult and pediatric patients. ICVC is known for its modern, comfortable, and safe infrastructure, backed by high scientific and technological quality. The organization employs approximately 501-1,000 people and has shown notable financial performance in recent years, with a significant increase in net sales revenue and total assets in 2023.

Attack Overview

The ransomware attack on ICVC was claimed by the Meow ransomware group via their dark web leak site. The extent of the data leak remains unknown at this time. The attack has raised significant concerns about the security of sensitive medical information and the potential impact on patient care and privacy. Given ICVC's focus on high-quality, patient-centered cardiovascular care, the breach could have severe implications for the institution's operations and reputation.

About Meow Ransomware Group

Meow Ransomware is a ransomware group that emerged in late 2022, associated with the Conti v2 ransomware variant. The group resurfaced in late 2023 and has been highly active in 2024, primarily targeting victims in the United States. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group is known for targeting industries with sensitive data, such as healthcare and medical research, and frequently posts victim data on their leak site if the ransom is not paid.

Potential Vulnerabilities

ICVC's focus on high-complexity cardiovascular services and its extensive use of advanced medical technologies make it a prime target for ransomware attacks. The institution's reliance on digital systems for patient care, diagnostic imaging, laboratory services, and interventional cardiology procedures increases its vulnerability to cyber threats. Additionally, the healthcare sector's sensitive data, including patient records and medical research, is highly valuable to threat actors like the Meow ransomware group.

Penetration Methods

Meow Ransomware could have penetrated ICVC's systems through various methods, including phishing emails, exploiting RDP vulnerabilities, or using exploit kits. The group's use of the ChaCha20 and RSA-4096 encryption algorithms makes it challenging for victims to decrypt their files without paying the ransom. The attack on ICVC underscores the importance of stringent cybersecurity measures in protecting sensitive medical information and ensuring the continuity of patient care.

• Instituto Cardiovascular del Cesar
• SOCRadar - Dark Web Profile: Meow Ransomware
• EMIS - Instituto Cardiovascular del Cesar S.A.
• SalvageData - Meow Ransomware
• WatchGuard - Meow Ransomware