Ransomware Hits Rocky Mountain Gastroenterology in Denver

Incident Date: October 13, 2024

Overview

Victim: Rocky Mountain Gastroenterology

Attacker: Meow

Location: Lakewood, USA; Colorado, USA

First Reported: October 13, 2024

Ransomware Attack on Rocky Mountain Gastroenterology by Meow Group

Rocky Mountain Gastroenterology (RMG), a leading healthcare provider in Denver, Colorado, specializing in gastrointestinal disorders, has been targeted by the Meow ransomware group. This attack has compromised over 80 GB of sensitive data, posing significant risks to patient and employee privacy.

About Rocky Mountain Gastroenterology

Founded in 1997, RMG is a prominent gastroenterology practice with 15 offices and six advanced endoscopy centers across the Greater Denver area. The organization employs approximately 193 staff members, including 30 board-certified gastroenterologists, and performs nearly 30,000 procedures annually. RMG is recognized for its comprehensive care, cost-effective treatment options, and commitment to community education. Their extensive network and strategic partnerships with local hospitals make them a vital resource for digestive health in Colorado.

Details of the Ransomware Attack

The Meow ransomware group has demanded a ransom of $200,000 to prevent the release of the stolen data. The compromised information includes employee data, client information, scanned payment documents, and personal data such as Social Security numbers and medical records. Additionally, business proposals, audit results, and internal financial documents have been exposed. This breach threatens RMG's reputation and operational integrity, highlighting vulnerabilities in their cybersecurity defenses.

Profile of the Meow Ransomware Group

The Meow ransomware group emerged in late 2022 and is associated with the Conti v2 ransomware variant. The group is known for targeting industries that hold sensitive data, such as healthcare, and employs various infection methods, including phishing emails and exploiting RDP vulnerabilities. It encrypts data with a combination of the ChaCha20 and RSA-4096 algorithms and demands ransom payments via email or Telegram. Its data leak site lists victims who have not paid the ransom, and the group primarily targets organizations in the United States.

Potential Vulnerabilities and Penetration Methods

RMG's extensive network and reliance on digital systems for patient care and data management may have made them susceptible to this attack. The Meow group likely exploited vulnerabilities in RMG's cybersecurity infrastructure, potentially through phishing or exploiting remote access protocols. This incident underscores the critical need for effective cybersecurity measures in healthcare organizations to protect sensitive data from sophisticated threat actors.
