Ransomware Attack on Surrey Place Healthcare & Rehabilitation

Incident Date:

May 15, 2024

World map



Ransomware Attack on Surrey Place Healthcare & Rehabilitation


Surrey Place Healthcare & Rehabilitation




Bradenton, USA

Florida, USA

First Reported

May 15, 2024

Ransomware Attack on Surrey Place Healthcare & Rehabilitation

Victim Overview

Surrey Place Healthcare & Rehabilitation, a 74-bed Skilled Nursing facility located in Bradenton, Florida, was targeted in a cyberattack by the Rhysida ransomware group. The facility provides rehabilitation services, long-term care, and skilled nursing care for individuals in need of medical assistance and support.

Company Profile

The company focuses on improving the outcome and functional ability of each individual by offering a range of services, including short-stay rehabilitation, long-term care, and outpatient services. The facility is known for its specialized therapeutic modalities and expert assistance, helping patients achieve their highest level of functional independence.

Company Standout

Surrey stands out in the industry for its individualized approach to patient care, partnering with physicians, patients, and their families to ensure successful patient outcomes. The facility's separate rehabilitation unit with private suites provides a comfortable environment for recovery.

Company Vulnerabilities

Being in the healthcare sector, Surrey Place Healthcare & Rehabilitation is a prime target for threat actors due to the sensitive nature of the data they handle, including patient records and medical information. The facility's reliance on digital systems for patient care and administrative purposes makes them vulnerable to ransomware attacks like the one carried out by the Rhysida group.

Attack Overview

Rhysida ransomware targeted Surrey Place Healthcare & Rehabilitation's website, demanding a ransom of 6 BTC (approximately $390,000). While the specific amount of stolen data is undisclosed, it likely included sensitive information such as personally identifiable information (PII). Some data was leaked as a result of the attack, further emphasizing the impact of ransomware attacks on organizations.

Ransomware Group Details

The Rhysida Ransomware Group is known for its double extortion technique, stealing data before encrypting it and threatening to publish it unless a ransom is paid. The group primarily targets sectors like healthcare, education, government, and manufacturing. Rhysida's ransomware is deployed through various methods, including phishing campaigns, and is designed to target Windows Operating Systems.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.