Ransomware Attack Disrupts Ohio Mental Health Center, Patient Data at Risk
Incident Date: August 21, 2024
Overview
Victim: Scioto Paint Valley Mental Health Center
Attacker: Abyss
Location:
First Reported: August 21, 2024
Ransomware Attack on Scioto Paint Valley Mental Health Center by Abyss Group
The Scioto Paint Valley Mental Health Center (SPVMHC), a nonprofit community mental health organization in Ohio, has recently fallen victim to a ransomware attack orchestrated by the Abyss ransomware group. This incident has raised significant concerns about the security of sensitive patient data and the operational integrity of healthcare services.
About Scioto Paint Valley Mental Health Center
SPVMHC serves a five-county area in Ohio, including Ross, Pike, Pickaway, Fayette, and Highland counties. The center provides comprehensive mental health and substance abuse services, including outpatient counseling, residential facilities, medication-assisted treatment, crisis services, day treatment programs, integrated care, and an on-site pharmacy. With a staff size ranging between 51 and 200 employees and an annual revenue of approximately $14 million, SPVMHC plays a crucial role in fostering mental health and recovery within the community.
Attack Overview
The Abyss ransomware group claimed responsibility for the attack on SPVMHC via their dark web leak site. The attack has potentially compromised sensitive patient data and disrupted the center's digital infrastructure. The exact extent of the damage is still being assessed, but the implications for patient privacy and service continuity are severe.
About Abyss Ransomware Group
The Abyss ransomware group emerged in March 2023, primarily targeting VMware ESXi environments. They are known for their multi-extortion tactics, which include exfiltrating data and threatening to release it if ransom demands are not met. The group has targeted various industries, including healthcare, finance, manufacturing, and information technology, with a significant focus on the United States.
Penetration and Distinguishing Features
Abyss ransomware typically gains initial access through weak SSH configurations and brute force attacks on exposed servers. Their payloads, derived from the Babuk codebase, function similarly across both Windows and Linux systems. Encrypted files are marked with the ".crypt" extension, and ransom notes are left in affected directories. The group's ability to target both Windows and Linux systems makes them particularly versatile and dangerous.
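The initial-access pattern described above (repeated failed SSH password attempts followed by a successful login) can be detected from server authentication logs. The following is an added example, not part of the original report. It assumes OpenSSH syslog-format lines and a hypothetical threshold of 5 failures per source address, with no time window; the sample log lines are constructed, not taken from this incident.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH syslog format (not from the incident).
SAMPLE_LOG = """\
Aug 20 02:11:01 srv01 sshd[4101]: Failed password for root from 203.0.113.7 port 50112 ssh2
Aug 20 02:11:03 srv01 sshd[4103]: Failed password for root from 203.0.113.7 port 50114 ssh2
Aug 20 02:11:05 srv01 sshd[4105]: Failed password for invalid user admin from 203.0.113.7 port 50116 ssh2
Aug 20 02:11:07 srv01 sshd[4107]: Failed password for root from 203.0.113.7 port 50118 ssh2
Aug 20 02:11:09 srv01 sshd[4109]: Failed password for root from 203.0.113.7 port 50120 ssh2
Aug 20 02:11:12 srv01 sshd[4112]: Accepted password for root from 203.0.113.7 port 50122 ssh2
Aug 20 08:30:44 srv01 sshd[5200]: Failed password for alice from 198.51.100.20 port 41000 ssh2
Aug 20 08:30:52 srv01 sshd[5202]: Accepted publickey for alice from 198.51.100.20 port 41002 ssh2
"""

# Matches both "Failed password for root ..." and
# "Failed password for invalid user admin ..." as well as Accepted lines.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_bruteforce_logins(log_text, threshold=5):
    """Return (src, user, failures) for each password login accepted after
    at least `threshold` failed attempts from the same source address."""
    failures = defaultdict(int)
    alerts = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        src = m["src"]
        if m["result"] == "Failed":
            failures[src] += 1
        else:
            # Key-based logins after a stray failure are not flagged.
            if m["method"] == "password" and failures[src] >= threshold:
                alerts.append((src, m["user"], failures[src]))
            failures[src] = 0  # any successful login resets the counter
    return alerts

if __name__ == "__main__":
    for src, user, n in find_bruteforce_logins(SAMPLE_LOG):
        print(f"ALERT: {user} logged in from {src} after {n} failed passwords")
```

A hit from this check is a lead for investigation; disabling password authentication on exposed SSH servers removes the brute-force path entirely.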
Vulnerabilities and Impact
Healthcare institutions like SPVMHC are particularly vulnerable to ransomware attacks due to the sensitive nature of the data they handle and the critical services they provide. The attack on SPVMHC highlights the urgent need for enhanced cybersecurity measures in the healthcare sector to protect against such threats and ensure the continuity of essential services.