Ransomware Attack Exposes Data at Regent Care Center in San Antonio

Incident Date: September 11, 2024

Overview

Title: Ransomware Attack Exposes Data at Regent Care Center in San Antonio
Victim: Regent Care Center Of Oakwell Farms
Attacker: Inc Ransom
Location: San Antonio, USA; Texas, USA
First Reported: September 11, 2024

Ransomware Attack on Regent Care Center of Oakwell Farms by INC Ransom

Regent Care Center of Oakwell Farms, a prominent nursing facility in San Antonio, Texas, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group INC Ransom. This attack has resulted in a full data leak, compromising sensitive information and potentially exposing personal and operational data to unauthorized entities.

About Regent Care Center of Oakwell Farms

Regent Care Center of Oakwell Farms operates under the registered name Regent Care Center of Oakwell Farms LP. The facility specializes in providing skilled nursing and rehabilitation services, catering to various patient needs in a supportive environment. With a capacity of 194 beds, the center offers a range of services including skilled nursing care, rehabilitation, and various on-site activities aimed at enhancing the quality of life for its residents. The center is known for its commitment to providing loving patient care in elegant surroundings, which distinguishes it from other facilities in the area.

Attack Overview

The ransomware attack on Regent Care Center of Oakwell Farms was claimed by the cybercriminal group INC Ransom on its dark web leak site. The attack led to a full data leak, compromising sensitive information and potentially exposing personal and operational data to unauthorized parties. The breach underscores the growing threat of ransomware attacks on healthcare facilities, which often hold vast amounts of confidential patient and staff information.

About INC Ransom

INC Ransom is a highly sophisticated cybercriminal group known for its targeted ransomware attacks on corporate and organizational networks. The group employs advanced techniques such as spear-phishing campaigns, exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler, and using both Commercial Off-The-Shelf (COTS) software and legitimate system tools for reconnaissance and lateral movement within a network. INC Ransom's attacks involve not only encrypting data but also stealing it and threatening to release it publicly, a tactic known as double extortion, to increase pressure on victims to comply with ransom demands.

Penetration and Vulnerabilities

While specific details on how INC Ransom penetrated Regent Care Center's systems are not publicly disclosed, it is likely that the group exploited vulnerabilities in the center's cybersecurity infrastructure. Healthcare facilities are often targeted due to their vast amounts of sensitive data and sometimes outdated security measures. The use of spear-phishing campaigns and exploitation of known vulnerabilities are common tactics employed by INC Ransom to gain unauthorized access to networks.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful both financially and informationally.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.