Ransomware Attack on American Clinical Solutions: A Healthcare Data Breach

Incident Date:

May 21, 2024

World map

Overview

Title

Ransomware Attack on American Clinical Solutions: A Healthcare Data Breach

Victim

American Clinical Solutions

Attacker

Ransomhub

Location

Sun City Center, USA

Florida, USA

First Reported

May 21, 2024

Ransomware Attack on American Clinical Solutions

Victim Overview

American Clinical Solutions (ACS) is a healthcare services company based in Sun City Center, Florida. They specialize in providing testing services, including urine and oral fluid confirmation laboratory toxicology services. With 84 employees and a revenue of $19.5 million, ACS is a significant player in the healthcare sector.

Company Standout

ACS stands out in the industry for its specialized testing services, particularly in the field of toxicology. They offer a wide range of testing services to various industries, ensuring the quality and safety of products.

Attack Overview

In May 2024, ACS fell victim to a ransomware attack orchestrated by the cybercrime group RansomHub. The attackers managed to exfiltrate 700 GB of highly sensitive data, compromising the personal information of 500,000 patients, including social security numbers, addresses, drug tests, medical records, and insurance data. A sample of this data has been leaked, highlighting the severe risks posed to healthcare organizations by ransomware.

Ransomware Group - RansomHub

RansomHub is a new ransomware group known for making claims and backing them up with data leaks. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare institutions being among the victims.

Attack Vulnerabilities

ACS's vulnerabilities in being targeted by threat actors likely stem from the sensitive nature of the data they handle. Healthcare organizations are prime targets for ransomware attacks due to the valuable patient information they possess. In this case, the attackers exploited vulnerabilities in ACS's systems to exfiltrate a large amount of data, posing a significant threat to patient privacy and security.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.