Ransomware Attack on Northeast Rehabilitation Hospital Network by Hunters International

Incident Date:

July 18, 2024

World map

Overview

Title

Ransomware Attack on Northeast Rehabilitation Hospital Network by Hunters International

Victim

Northeast Rehabilitation Hospital Network

Attacker

Hunters International

Location

Salem, USA

New Hampshire, USA

First Reported

July 18, 2024

Ransomware Attack on Northeast Rehabilitation Hospital Network by Hunters International

Overview of Northeast Rehabilitation Hospital Network

Northeast Rehabilitation Hospital Network (NRHN) is a leading healthcare provider specializing in comprehensive rehabilitation services. Founded in 1984 by Dr. Howard Gardner, an Army neurosurgeon, NRHN operates four acute inpatient rehabilitation hospitals in Salem, Nashua, Portsmouth, and Manchester, New Hampshire. Additionally, the network includes over 25 outpatient clinics and specialized divisions for sports medicine and pediatric care. With a workforce of over 1,000 professionals, NRHN is dedicated to patient-centered care and rehabilitation excellence, generating approximately $80 million in annual revenue.

Details of the Ransomware Attack

The ransomware group Hunters International has claimed responsibility for a cyberattack on NRHN, asserting that they have exfiltrated 410.6GB of sensitive data. This breach poses a significant threat to the hospital's operations and patient confidentiality. The attack was announced on Hunters International's dark web leak site, where they threatened to release the stolen data unless a ransom is paid.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Hunters International's ransomware code contains approximately 60% overlap with Hive ransomware version 61, indicating a shared technical lineage. The group focuses on exfiltrating target data and extorting victims with ransom demands in exchange for the return of the stolen data.

Potential Vulnerabilities and Penetration Methods

NRHN's extensive network of inpatient and outpatient facilities, combined with its significant volume of sensitive patient data, makes it an attractive target for ransomware groups like Hunters International. The group's tactics likely involved exploiting vulnerabilities in NRHN's cybersecurity infrastructure, such as outdated software, weak passwords, or insufficient employee training on phishing attacks. Given the technical sophistication of Hunters International, it is plausible that they used advanced encryption methods and social engineering techniques to penetrate NRHN's systems.

Impact on NRHN

The ransomware attack on NRHN has the potential to cause severe operational disruptions and financial losses. The exfiltration of 410.6GB of sensitive data could lead to significant reputational damage and legal ramifications, particularly concerning patient confidentiality and compliance with healthcare regulations. NRHN's commitment to high-quality care and patient safety is now under scrutiny as they navigate the aftermath of this cyberattack.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.