Ransomware Hits Sports & Spine Orthopaedics: Patient Data at Risk

Incident Date: August 31, 2024

Overview

Victim: Sports & Spine Orthopaedics

Attacker: Rhysida

Location: Shelby Township, USA; Michigan, USA

First Reported: August 31, 2024

Ransomware Attack on Sports & Spine Orthopaedics by Rhysida Group

Sports & Spine Orthopaedics, a specialized medical practice located in Torrance and El Segundo, California, has recently fallen victim to a ransomware attack orchestrated by the Rhysida Ransomware Group. The attack has put sensitive patient information and the practice's operations at significant risk, with the cybercriminals threatening to publish the stolen data within the next 6-7 days.

About Sports & Spine Orthopaedics

Sports & Spine Orthopaedics is a medical practice specializing in orthopedic surgery, sports medicine, and spine care. The practice operates two locations in Southern California and is known for its comprehensive orthopedic care offerings, including sports medicine, joint replacement, pain management, physical therapy, and pediatric orthopedics. The clinic employs board-certified physicians and offers on-site surgical facilities, diagnostic imaging, and physical therapy to provide integrated care. Despite being a relatively small practice with around 25 employees, Sports & Spine Orthopaedics stands out for its commitment to high-quality, patient-centered care and innovative treatment options.

Attack Overview

The Rhysida Ransomware Group has claimed responsibility for the attack on Sports & Spine Orthopaedics via their dark web leak site. The ransomware, written in C++, targets the Windows Operating System and employs the ChaCha20 encryption algorithm. The group uses a double extortion technique, stealing data before encrypting it and threatening to publish it unless a ransom is paid. The ransom notes are generated as PDF documents named “CriticalBreachDetected.pdf” and are saved within the affected folders on the targeted drives.

About Rhysida Ransomware Group

First sighted in May 2023, the Rhysida Ransomware Group has quickly made a name for itself in the cybercrime arena. The group primarily targets sectors such as healthcare, education, manufacturing, information technology, and government. Rhysida employs various methods for deploying ransomware, including phishing campaigns and leveraging valid credentials to establish network connections through a VPN. The group uses tools like Advanced IP/Port Scanner and Sysinternals PsExec for lateral movement within victim networks.
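
One way to triage hosts for the two artefacts named in the Attack Overview and in the paragraph above (the ransom note filename and PsExec-based lateral movement), as an added example that is not from the original article or from any vendor tooling. It assumes events have already been exported as (timestamp, host, event id, detail) tuples; the sample records, host names and paths are constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

NOTE_NAME = "criticalbreachdetected.pdf"  # ransom note name given in the article
PSEXEC_SERVICE = "psexesvc"               # service PsExec registers on a remote host

# Constructed sample records: (timestamp, host, event id, detail).
# 7045 = Windows "service installed" (detail: service name);
# 11 = Sysmon FileCreate (detail: target path). The tuple layout is an assumption.
SAMPLE_EVENTS = [
    ("2024-01-01T22:01:10Z", "FS01", 7045, "PSEXESVC"),
    ("2024-01-01T22:03:42Z", "FS01", 11, r"D:\Records\CriticalBreachDetected.pdf"),
    ("2024-01-01T22:03:43Z", "FS01", 11, r"D:\Imaging\2024\criticalbreachdetected.PDF"),
    ("2024-01-01T22:04:00Z", "WS07", 11, r"C:\Users\amy\Downloads\invoice.pdf"),
    ("2024-01-01T22:05:15Z", "WS12", 7045, "PSEXESVC"),
    ("2024-01-01T22:06:00Z", "WS03", 11, r"C:\Users\Public\CriticalBreachDetected.pdf"),
]


def triage(events):
    """Return {host: {"psexec_at", "note_dirs", "severity"}} for flagged hosts only."""
    hosts = defaultdict(lambda: {"psexec_at": None, "note_dirs": []})
    for ts, host, event_id, detail in sorted(events):
        if event_id == 7045 and detail.lower() == PSEXEC_SERVICE:
            # Keep the first PsExec service install seen on this host.
            hosts[host]["psexec_at"] = hosts[host]["psexec_at"] or ts
        elif event_id == 11:
            path = PureWindowsPath(detail)
            # Windows filenames are case-insensitive, so compare lowercased.
            if path.name.lower() == NOTE_NAME:
                hosts[host]["note_dirs"].append(str(path.parent))
    for finding in hosts.values():
        if finding["note_dirs"]:
            # The note is written into affected folders: treat as an active incident.
            finding["severity"] = "critical"
        else:
            # PsExec alone can be legitimate admin work: confirm who launched it.
            finding["severity"] = "review"
    return dict(hosts)


if __name__ == "__main__":
    for host, finding in triage(SAMPLE_EVENTS).items():
        print(host, finding["severity"], finding["psexec_at"], finding["note_dirs"])
```

A host that shows both a PsExec service install and ransom notes gives responders a starting timestamp for tracing where the lateral movement came from.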

Potential Vulnerabilities

Sports & Spine Orthopaedics, like many healthcare providers, is a prime target for ransomware attacks due to the sensitive nature of the data they handle. The practice's reliance on integrated digital systems for patient care, diagnostic imaging, and physical therapy makes it vulnerable to cyber threats. The Rhysida group's ability to leverage valid credentials and establish network connections through VPN suggests that the initial breach could have been facilitated by compromised employee credentials or insufficiently secured remote access points.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.