SpaceBears Ransomware Hits InVogue Women Healthcare, Compromises Data

Incident Date:

June 15, 2024

World map

Overview

Title

SpaceBears Ransomware Hits InVogue Women Healthcare, Compromises Data

Victim

InVogue Women Healthcare, PLLC (USA,TX)

Attacker

SpaceBears

Location

El Paso, USA

Texas, USA

First Reported

June 15, 2024

SpaceBears Ransomware Attack on InVogue Women Healthcare, PLLC

Overview of InVogue Women Healthcare, PLLC

InVogue Women Healthcare, PLLC, based in El Paso, Texas, is a private medical practice specializing in comprehensive healthcare services for women. The clinic offers a wide range of services, including gynecology, obstetrics, and specialized care for conditions like menopause and urinary incontinence. The practice is known for its patient-centered approach, emphasizing personalized care and patient education.

Details of the Ransomware Attack

InVogue Women Healthcare, PLLC recently fell victim to a ransomware attack orchestrated by the SpaceBears group. The attack compromised sensitive patient data, including email and residential addresses, telephone numbers, and personal photos. Additionally, employee information such as salaries and positions, along with crucial financial reports, were also stolen. This breach poses significant risks to the privacy and security of both patients and staff.

About SpaceBears Ransomware Group

SpaceBears is a newly emerged ransomware group first detected in mid-March 2024. The group is associated with the Faust operator, an affiliate of the Phobos ransomware-as-a-service network. SpaceBears operates a dark web leak site for double extortion, where stolen data is used to extort victims in addition to encrypting files. Their tactics reflect a shift towards data exfiltration and double extortion, a trend seen in other sophisticated ransomware groups.

Penetration and Impact

The threat acto likely penetrated InVogue Women Healthcare's systems through vulnerabilities in their cybersecurity infrastructure. The attack underscores the importance of robust security measures, especially for organizations handling sensitive personal and medical data. The financial and reputational damage from such breaches can be severe, leading to loss of customer trust and substantial ransom demands.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.