Ransomware Attack Hits New Jersey Oral & Maxillofacial Surgery Associates
Incident Date:
June 12, 2024
Overview
Title
Ransomware Attack Hits New Jersey Oral & Maxillofacial Surgery Associates
Victim
New Jersey Oral & Maxillofacial Surgery Associates
Attacker
Clop
Location
First Reported
June 12, 2024
Ransomware Attack on New Jersey Oral & Maxillofacial Surgery Associates
Overview of the Victim
New Jersey Oral & Maxillofacial Surgery Associates, a specialized medical practice, has been serving Northern New Jersey for over 37 years. The practice, led by board-certified surgeons, focuses on the diagnosis and treatment of conditions related to the mouth, jaw, face, and neck. They offer services such as tooth extractions, facial trauma treatment, corrective jaw surgery, dental implant surgery, and cosmetic procedures. The practice operates in both outpatient and hospital settings, with offices in Hackensack, Ridgefield, and North Bergen, NJ.
Details of the Attack
On June 12, 2024, the ransomware group Clop claimed responsibility for an attack on New Jersey Oral & Maxillofacial Surgery Associates. The attack was disclosed on Clop's dark web leak site, with the size of the data breach remaining unknown. This incident follows a warning from the FBI on May 8, 2024, about credible cybersecurity threats targeting dental practices, particularly oral and maxillofacial surgeons.
About the Clop Ransomware Group
Clop is a sophisticated and financially motivated ransomware group active since early 2019. Associated with the TA505 threat group, Clop operates on a ransomware-as-a-service model. The group targets large enterprises across various sectors, including healthcare. Clop employs advanced techniques to evade security controls and has been known to exploit vulnerabilities in software like Accellion FTA and MOVEit Transfer. They use a data leak site on the Tor network to release stolen data from non-compliant victims.
Potential Vulnerabilities
New Jersey Oral & Maxillofacial Surgery Associates, like many healthcare providers, may have vulnerabilities that make them attractive targets for ransomware groups. These can include outdated software, insufficient cybersecurity measures, and a lack of awareness about emerging threats. The practice's extensive referral network and reliance on digital records could also increase their risk profile.
Penetration Methods
Clop likely penetrated the company's systems through phishing emails, malicious attachments, or exploiting known software vulnerabilities. The group's use of advanced tools like Cobalt Strike and remote access trojans further complicates detection and mitigation efforts.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.