Ransomware Attack Exposes Sensitive Data at APMS Healthcare Firm

Incident Date: September 11, 2024

Overview

Victim: Advanced Physician Management Services LLC

Attacker: Meow

Location: Hawthorne, USA; New York, USA

First Reported: September 11, 2024

Ransomware Attack on Advanced Physician Management Services LLC

Advanced Physician Management Services LLC (APMS), a healthcare management and accounting services provider based in Jenkintown, Pennsylvania, has recently fallen victim to a ransomware attack orchestrated by the notorious group known as "Meow." The attackers have claimed responsibility for the breach and are offering over 3 GB of highly confidential data for sale on their dark web leak site.

Company Overview

APMS operates primarily in the healthcare sector, providing a range of essential services aimed at improving the operational efficiency of medical practices. Their offerings include medical billing, coding, compliance, human resources, and financial management. The company employs around 15 people and generates an annual revenue of $4.3 million. APMS is distinguished by its expertise in medical billing and coding, which ensures healthcare providers receive appropriate reimbursements and maintain compliance with federal regulations.

Attack Details

The ransomware attack has resulted in the theft of sensitive employee information, patient details such as dates of birth and Social Security numbers, scans of payment documents, lab test results, medical records, patient prescriptions, internal financial documents, and certifications. The stolen data is being marketed as a valuable asset for industry analysts, healthcare professionals, and others interested in the healthcare management sector. The attackers are soliciting buyers through a registration process, promising a smooth and confidential transaction.

About Meow Ransomware Group

Meow Ransomware is a group that emerged in late 2022 and has been associated with the Conti v2 ransomware variant. They are known for targeting industries with sensitive data, such as healthcare and medical research. The group employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. Meow Ransomware leaves behind a ransom note named "readme.txt" that instructs victims to contact the group via email or Telegram to negotiate the ransom payment.

Vulnerabilities and Penetration

APMS's exposure likely stems from the highly sensitive nature of the data it handles, which makes the company an attractive target for ransomware groups like Meow. The attackers could have gained access to the company's systems through various methods, including phishing emails or the exploitation of RDP vulnerabilities. The healthcare sector's reliance on digital records and its need to comply with stringent regulations make it particularly susceptible to such attacks.
