Millinocket Hospital Hit by RansomHub Ransomware: Data at Risk

Incident Date:

July 25, 2024

World map

Overview

Title

Millinocket Hospital Hit by RansomHub Ransomware: Data at Risk

Victim

Millinocket Regional Hospital

Attacker

Ransomhub

Location

Millinocket, USA

Maine, USA

First Reported

July 25, 2024

RansomHub Ransomware Attack on Millinocket Regional Hospital

Overview of Millinocket Regional Hospital

Millinocket Regional Hospital (MRH) is a not-for-profit healthcare organization located in Millinocket, Maine. Established in 1952, MRH operates as a Critical Access Hospital (CAH), providing essential medical services to the Katahdin Region, including Millinocket, East Millinocket, and Medway. The 25-bed facility offers a wide array of medical and surgical services, including Family Practice, General Surgery, Internal Medicine, Orthopedics, and specialized care through visiting consultants. MRH is dedicated to financial accessibility, offering discounted care to eligible patients.

Details of the Ransomware Attack

On July 26, 2024, Millinocket Regional Hospital was targeted by the ransomware group RansomHub. The attackers claim to have exfiltrated 10 GB of sensitive data from the hospital's systems. The cybercriminals have set a ransom deadline, demanding payment to prevent the release of the stolen information. The attack has raised significant concerns about the security of patient data and the hospital's operational integrity.

About RansomHub

RansomHub is a relatively new ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a notable focus on healthcare institutions. RansomHub's ransomware strains are written in Golang, a trend that is becoming more common in the ransomware landscape.

Potential Vulnerabilities and Penetration Methods

The attack on MRH highlights potential vulnerabilities in the hospital's cybersecurity infrastructure. As a critical access hospital, MRH may have limited resources dedicated to cybersecurity, making it an attractive target for ransomware groups. RansomHub could have penetrated the hospital's systems through phishing emails, exploiting unpatched software vulnerabilities, or leveraging weak network security protocols. The use of Golang in their ransomware strains suggests a sophisticated approach, potentially bypassing traditional security measures.

Impact on the Healthcare Sector

The attack on Millinocket Regional Hospital underscores the growing threat of ransomware in the healthcare sector. Hospitals and healthcare providers are particularly vulnerable due to the critical nature of their services and the sensitive data they handle. The incident serves as a stark reminder of the need for robust cybersecurity measures to protect patient data and ensure the continuity of healthcare services.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.