Ransomware Attack on Vitaldent by MadLiberator Disrupts Healthcare Sector

Incident Date:

July 17, 2024

World map

Overview

Title

Ransomware Attack on Vitaldent by MadLiberator Disrupts Healthcare Sector

Victim

Vitaldent

Attacker

Mad Liberator

Location

Madrid, Spain

, Spain

First Reported

July 17, 2024

Ransomware Attack on Vitaldent by MadLiberator

Overview of Vitaldent

Vitaldent is a prominent dental clinic chain operating primarily in Spain and Italy, with a significant presence in the healthcare services sector. Founded in 1989 and headquartered in Madrid, Spain, the company operates under the parent company Inversiones Odontológicas 2016, S.L.U. Vitaldent offers a comprehensive range of dental treatments, including teeth cleaning, fillings, extractions, root canals, crowns, bridges, dentures, and orthodontics. The company employs over 2,500 staff members and has received $135.9 million in total funding to support its growth and expansion efforts.

Attack Overview

Vitaldent recently fell victim to a ransomware attack orchestrated by the MadLiberator group. The cybercriminals claimed responsibility for the breach, showcasing their access to the company's internal files by posting a screenshot of files purportedly containing patient follow-ups and invoices. Vitaldent confirmed the attack via email, stating that they had promptly informed the relevant authorities and filed a report with law enforcement. The company assured that Donte Group's technical team had taken all necessary measures to safeguard the clinic's information security. The impact was limited to a single clinic, which resumed normal operations within hours. Vitaldent did not disclose the ransom amount demanded nor specified whether any personal patient data had been compromised.

About MadLiberator

MadLiberator is a notorious ransomware group recognized for its targeted attacks on various organizations worldwide. The group has recently gained significant attention for its high-profile operations, including an attack on the Italian Ministry of Culture. MadLiberator employs sophisticated encryption methods, specifically AES/RSA, to lock victim files. The group asserts that while the files are encrypted, they are not damaged, emphasizing the potential for data recovery upon ransom payment. Their tactics include legal threats and intimidation, warning victims about potential legal repercussions under regulations like GDPR and CCPA if their data is misused.

Penetration and Vulnerabilities

While the exact method of penetration used by MadLiberator to breach Vitaldent's systems remains undisclosed, common vulnerabilities in healthcare organizations include outdated software, lack of employee training on phishing attacks, and insufficient network security measures. Given Vitaldent's extensive network of clinics and significant market presence, the company is an attractive target for ransomware groups seeking to exploit these vulnerabilities for financial gain.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.