ransomexx attacks Scottish Association for Mental Health

Incident Date:

March 20, 2022

World map

Overview

Title

ransomexx attacks Scottish Association for Mental Health

Victim

Scottish Association for Mental Health

Attacker

Ransomexx

Location

Glasgow, United Kingdom

Glasgow, United Kingdom

First Reported

March 20, 2022

Scottish Association for Mental Health (SAMH) Targeted by Ransomware Group Ransomexx

About SAMH

The Scottish Association for Mental Health (SAMH) is a pivotal mental health charity dedicated to providing care and support for adults and young people grappling with mental health issues. Beyond its direct support services, SAMH is actively involved in campaigning to foster positive social change within Scotland. With a history spanning over a century, SAMH has cemented its role as a key player in the healthcare services sector.

Impact of the Attack

The ransomware attack orchestrated by Ransomexx has led to the unauthorized disclosure of sensitive personal information. This includes unredacted photographs of individuals' driving licenses and passports, personal details such as volunteers' home addresses and phone numbers, and even passwords and credit card information. The breach has severely disrupted SAMH's email and phone services, thereby affecting their ability to provide support services across Scotland.

Vulnerabilities and Response

This incident underscores the heightened vulnerabilities faced by organizations within the healthcare sector to cyber threats. Ransomware attacks, such as the one experienced by SAMH, can inflict considerable harm, disrupting operational services and compromising the privacy and security of sensitive data. In response, SAMH is actively collaborating with various agencies, including Police Scotland, to address the breach and implement measures aimed at mitigating its impact.

The ransomware attack on SAMH underscores the critical need for robust cybersecurity defenses in the healthcare sector. It is imperative for organizations to remain vigilant and proactive in safeguarding their systems and the sensitive data they manage.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.