Rhysida Ransomware Hits Oklahoma Nursing Home in Cyberattack
Incident Date:
October 3, 2024
Overview
Title
Rhysida Ransomware Hits Oklahoma Nursing Home in Cyberattack
Victim
Golden Age Nursing Home
Attacker
Rhysida
Location
First Reported
October 3, 2024
Rhysida Ransomware Group Targets Golden Age Nursing Home in Guthrie, Oklahoma
The Rhysida Ransomware Group has claimed responsibility for a cyberattack on Golden Age Nursing Home, a private healthcare facility located in Guthrie, Oklahoma. This attack highlights the growing threat of ransomware to healthcare institutions, particularly those reliant on public funding sources such as Medicaid.
Golden Age Nursing Home: A Profile
Golden Age Nursing Home is a large facility with 125 beds, providing both short-term rehabilitation and long-term care services. The nursing home is known for its comprehensive approach to senior care, offering skilled nursing services, social activities, therapeutic programs, and family involvement. This multifaceted model aims to enhance the quality of life for its residents by addressing their physical, emotional, and social needs. The facility's reliance on Medicaid for approximately 60% of its revenue underscores its vulnerability to financial instability in the wake of a cyberattack.
Details of the Ransomware Attack
The Rhysida group claims to have accessed sensitive organizational data at Golden Age Nursing Home, potentially compromising patient and operational information. The attack underscores the vulnerability of healthcare facilities to cyber threats, particularly those that depend heavily on government funding. The breach could lead to regulatory scrutiny and financial challenges for the nursing home.
Rhysida Ransomware Group: A Rising Threat
Emerging in May 2023, the Rhysida Ransomware Group has quickly gained notoriety for targeting sectors such as healthcare, education, and government. The group employs a double extortion technique, stealing data before encrypting it and threatening to publish it unless a ransom is paid. Rhysida's ransomware is written in C++ and targets Windows systems, using the ChaCha20 encryption algorithm. The group is known for its unpredictable attack patterns and has been involved in high-profile attacks, including those on Prospect Medical Holdings and the British Library.
Potential Vulnerabilities and Attack Vectors
Rhysida typically gains initial access through phishing campaigns and leveraging valid credentials. The group uses tools like PsExec for lateral movement within networks. The attack on Golden Age Nursing Home may have exploited similar vulnerabilities, emphasizing the need for enhanced cybersecurity measures in healthcare facilities.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.