Ransomware Attack Hits Nevada Heart Vascular Center by BlackSuit
Incident Date:
August 31, 2024
Overview
Title
Ransomware Attack Hits Nevada Heart Vascular Center by BlackSuit
Victim
Nevada Heart Vascular Center
Attacker
Black Suit
Location
First Reported
August 31, 2024
Ransomware Attack on Nevada Heart Vascular Center by BlackSuit
The Nevada Heart Vascular Center, a leading healthcare facility specializing in comprehensive cardiovascular care in Southern Nevada, has fallen victim to a ransomware attack orchestrated by the cybercriminal group known as BlackSuit. This attack has compromised a significant amount of sensitive data, raising serious concerns about data security and patient confidentiality.
About Nevada Heart Vascular Center
Founded in 1998, Nevada Heart Vascular Center has grown to become the largest cardiology practice in Nevada, with a substantial presence in the local healthcare landscape. The center operates more than 40 locations and maintains active charts on approximately 84,000 patients. The medical team consists of experienced cardiologists who provide personalized treatment plans using advanced technology and innovative techniques. The center offers a wide array of services, including diagnostic and therapeutic procedures for heart-related issues such as coronary artery disease, heart rhythm disorders, congestive heart failure, and peripheral vascular disease.
Attack Overview
The ransomware attack was discovered on July 16, 2023, and has affected over 23,886 files and 6,713 directories, totaling more than 41 billion bytes of data. Critical files such as compliance documents, genetic testing results, and billing logs are among the compromised data. The center's website (nevadaheart.com) and phone number ((702) 227-3422) have potentially been affected. The attack has disrupted administrative documents, billing information, clinical scheduling, and medical records, impacting the center's operations and patient care.
About BlackSuit Ransomware Group
BlackSuit is a new ransomware family that emerged in 2023 and is closely related to the notorious Royal ransomware group. The ransomware targets both Windows and Linux systems, including VMware ESXi servers. It appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victim communication. Researchers have found a high degree of similarity between BlackSuit and Royal ransomware, suggesting that BlackSuit could be a new variant developed by the same authors, a copycat, or an affiliate of the Royal ransomware gang.
Potential Vulnerabilities
The extensive digital infrastructure and large patient base of Nevada Heart Vascular Center make it a lucrative target for ransomware groups like BlackSuit. The center's reliance on electronic medical records and advanced technology, while beneficial for patient care, also presents vulnerabilities that can be exploited by sophisticated cybercriminals. The attack underscores the critical need for enhanced cybersecurity measures in healthcare facilities to protect sensitive patient data and ensure uninterrupted medical services.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.