RansomHouse Targets United Urology Group in Major Ransomware Attack

Incident Date: May 23, 2024

Overview

Victim: United Urology Group

Attacker: RansomHouse

Location: Owings Mills, Maryland, USA

First Reported: May 23, 2024

Company Overview

United Urology Group, a management services organization, is a leading national network of urology specialists operating affiliate practices in Arizona, Colorado, Delaware, Maryland, and Tennessee. With 220 providers across 95 locations, it stands as one of the largest urology networks in the U.S., dedicated to providing high-quality urological care including surgeries, prostate care, and kidney stone treatments.

Details of the Attack

On April 5, 2024, United Urology Group fell victim to a ransomware attack orchestrated by the cybercriminal group RansomHouse. The attack resulted in the exfiltration and encryption of approximately 300GB of sensitive data. The data, critical to patient care and operations, is currently being held for ransom, with its disclosure pending the organization's response to the ransom demands.

RansomHouse: A Unique Threat

RansomHouse, distinct from traditional ransomware groups, focuses on data exfiltration rather than encryption. They threaten to publicly release stolen data if their demands are not met, leveraging stolen credentials and advanced penetration techniques to access networks. RansomHouse has been linked to other ransomware entities like White Rabbit and Hive, utilizing tools such as PowerShell and Mimikatz to maintain access and evade detection.

Vulnerabilities Exploited

The attack on United Urology Group underscores significant cybersecurity vulnerabilities within healthcare organizations. These vulnerabilities include inadequate network segmentation, weak password policies, and insufficient monitoring of remote access points. RansomHouse likely exploited compromised credentials to infiltrate the network, employing persistence mechanisms to maintain access and exfiltrate data using tools like 7-Zip for obfuscation.
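Added example, not part of the original report: a minimal Python triage pass over process-creation records for the three tools the report names (PowerShell, Mimikatz, 7-Zip), plus a per-host correlation step. The field names, rule patterns and sample events are assumptions constructed for illustration, not indicators from this incident.

```python
import re

# (rule name, regex on image path, regexes that must ALL match the command line).
# Illustrative heuristics only, not indicators from this incident.
RULES = [
    # 7-Zip "a" (add) with a -p password switch: possible staging before exfiltration.
    ("7zip_password_archive", r"(^|\\)7z[ar]?\.exe$", [r"(^|\s)a(\s|$)", r"(^|\s)-p\S*"]),
    # PowerShell started with a Base64-encoded command.
    ("powershell_encoded_command", r"(^|\\)(powershell|pwsh)\.exe$",
     [r"\s-(e|ec|enc\w*)\s+[A-Za-z0-9+/=]{16,}"]),
    # Mimikatz module::command syntax; any image, since the binary is often renamed.
    ("mimikatz_module_syntax", r".", [r"\b(sekurlsa|lsadump)::\w+"]),
]

def detect(events):
    """Return (host, user, rule) for every event that matches a rule."""
    hits = []
    for ev in events:
        for name, image_re, cmd_res in RULES:
            if re.search(image_re, ev["Image"], re.I) and all(
                    re.search(c, ev["CommandLine"], re.I) for c in cmd_res):
                hits.append((ev["Host"], ev["User"], name))
    return hits

def hosts_with_chain(hits, minimum=2):
    """Hosts where several distinct rules fired: stronger than any single hit."""
    per_host = {}
    for host, _user, rule in hits:
        per_host.setdefault(host, set()).add(rule)
    return sorted(h for h, rules in per_host.items() if len(rules) >= minimum)

# Constructed process-creation records (simplified field names), not real telemetry.
SAMPLE_EVENTS = [
    {"Host": "FS01", "User": "svc_backup", "Image": r"C:\Program Files\7-Zip\7z.exe",
     "CommandLine": r'"C:\Program Files\7-Zip\7z.exe" a -pExample C:\ProgramData\stage.7z D:\Shares'},
    {"Host": "FS01", "User": "svc_backup", "Image": r"C:\Windows\System32\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -enc RwBlAHQALQBEAGEAdABlAA=="},
    {"Host": "WS17", "User": "jdoe", "Image": r"C:\Users\Public\m.exe",
     "CommandLine": "m.exe sekurlsa::logonpasswords exit"},
    {"Host": "WS22", "User": "asmith", "Image": r"C:\Program Files\7-Zip\7z.exe",
     "CommandLine": r"7z.exe a C:\Backups\logs.7z C:\Logs"},  # benign: no password switch
    {"Host": "WS22", "User": "asmith", "Image": r"C:\Windows\System32\powershell.exe",
     "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for hit in hits:
        print(hit)
    print("hosts with chained activity:", hosts_with_chain(hits))
```

Single hits are noisy because backup jobs and administrators use the same tools; the per-host correlation is what would justify escalating to an analyst.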

Impact and Response

The breach has serious implications for United Urology Group, both in terms of operational disruption and potential reputational damage. With a reported revenue of $23.8 million and a workforce of 178 employees, the organization must now focus on mitigating the fallout, safeguarding patient data, and addressing the identified security gaps to prevent future attacks.
