ThreeAM Ransomware Hits Brunswick Hospital Center in Major Cyberattack

Incident Date: September 12, 2024

Overview

Title: ThreeAM Ransomware Hits Brunswick Hospital Center in Major Cyberattack

Victim: Brunswick Hospital Center

Attacker: 3AM

Location: Amityville, USA; New York, USA

First Reported: September 12, 2024

ThreeAM Ransomware Group Targets Brunswick Hospital Center in Major Cyberattack

Brunswick Hospital Center, a specialized psychiatric facility located in Amityville, New York, has become the latest victim of a ransomware attack orchestrated by the ThreeAM ransomware group. The hospital, which operates 146 beds and is accredited by The Joint Commission, reported that 22.1 GB of sensitive data was exfiltrated and leaked by the attackers.

About Brunswick Hospital Center

Brunswick Hospital Center is a private, acute-care psychiatric hospital licensed by the New York State Office of Mental Health. The facility focuses on treating individuals with severe emotional disturbances and mental illnesses, offering services such as psychiatric assessments, individual and group therapy, creative arts therapy, family counseling, and nutritional support. The hospital employs between 51 and 200 staff members and reported a total patient revenue of approximately $167.15 million for the most recent fiscal year.

Attack Overview

The ThreeAM ransomware group claimed responsibility for the attack via their dark web leak site. The group reportedly exfiltrated 22.1 GB of data, which they have threatened to release if their ransom demands are not met. The attack has disrupted the hospital's operations, potentially compromising patient care and data security.

ThreeAM Ransomware Group

ThreeAM, also known as 3AM, is a newly emerging ransomware strain written in Rust. It is known for its sophisticated methods and ties to other cybercriminal organizations like Conti and Royal. The ransomware encrypts files and appends the extension ".threeamtime" to them. Victims receive a ransom note warning against self-recovery attempts and threatening to sell stolen data on the dark web if the ransom is not paid.

Penetration and Vulnerabilities

ThreeAM ransomware often serves as a fallback option during failed deployments of other ransomware, such as LockBit. The attackers likely gained initial access through phishing emails or exploiting vulnerabilities in the hospital's network. Once inside, the ransomware stops various security and backup services to maximize damage and prevent recovery efforts. The hospital's reliance on digital records and interconnected systems made it a prime target for such an attack.
