TIMS Medical Hit by Abyss Ransomware Group Stealing 680GB Data

Incident Date: September 19, 2024

Overview

Victim: TIMS Medical

Attacker: Abyss

Location: Chelmsford, USA; Massachusetts, USA

First Reported: September 19, 2024

Ransomware Attack on TIMS Medical by Abyss Group

In a recent cyberattack, TIMS Medical, a division of Foresight Imaging specializing in advanced medical imaging solutions, has fallen victim to the Abyss ransomware group. The attack was publicly claimed by Abyss on their dark web leak site, where they announced the exfiltration of 680 GB of uncompressed data from the company.

About TIMS Medical

Established in 2004 and headquartered in Chelmsford, Massachusetts, TIMS Medical employs approximately 36 individuals. The company is renowned for its flagship product, the TIMS MVP (Medical Video Platform), which is a fifth-generation medical imaging system. This platform facilitates live video recording from various medical modalities, including fluoroscopy and endoscopy, at high resolutions and frame rates of up to 30 frames per second. The system also offers synchronized audio capture and robust editing tools, enabling healthcare professionals to create sub-clips for archiving in Picture Archiving and Communication Systems (PACS) or Vendor Neutral Archives (VNA).

TIMS MVP is particularly beneficial for procedures such as Modified Barium Swallow Studies (MBSS) and Fiberoptic Endoscopic Evaluation of Swallowing (FEES). The platform's integration with existing hospital systems ensures secure archiving of studies, reducing the risk of HIPAA violations associated with removable media like USB drives. With over 5,000 installations globally, TIMS Medical has established itself as a gold standard in medical imaging technology.

Attack Overview

The Abyss ransomware group, known for targeting VMware ESXi environments, claimed responsibility for the attack on TIMS Medical. The group operates a TOR-based website where they list victims and publish exfiltrated data if ransom demands are not met. The attack on TIMS Medical resulted in the exfiltration of 680 GB of uncompressed data, which could potentially include sensitive patient information and proprietary technology details.

About Abyss Ransomware Group

The Abyss ransomware group emerged in March 2023 and has since targeted various industries, including finance, manufacturing, information technology, and healthcare. The group primarily targets the United States, with a focus on medical, manufacturing, and technology sectors. Abyss Locker ransomware campaigns often begin with weak SSH configurations, using SSH brute force attacks to gain initial access to exposed servers. The ransomware encrypts files with the ".crypt" extension and leaves ransom notes with the .README_TO_RESTORE extension.
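
A defender-side check for the initial-access pattern described above, as an added example that is not part of the original report: it scans OpenSSH sshd log lines for a burst of failed passwords from one source followed by a successful password login from that source. The threshold, time window, year, host name, IP addresses and log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH sshd syslog lines reporting a password authentication result.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=5), year=2024):
    """Alert on source IPs with >= threshold failed passwords inside window.

    The alert becomes 'success_after_bruteforce' if that IP then logs in
    with a password while its failure count is still at or above threshold.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures inside window
    alerts = {}                  # ip -> alert dict
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, fails = m["ip"], recent[m["ip"]]
        while fails and ts - fails[0] > window:
            fails.popleft()      # drop failures that aged out of the window
        if m["result"] == "Failed":
            fails.append(ts)
            if len(fails) >= threshold:
                alert = alerts.setdefault(
                    ip, {"ip": ip, "kind": "bruteforce", "failures": 0, "user": None})
                alert["failures"] = max(alert["failures"], len(fails))
        elif len(fails) >= threshold:
            alerts[ip].update(kind="success_after_bruteforce", user=m["user"])
    return list(alerts.values())

# Constructed sample: documentation-range IPs and a hypothetical host "srv01".
SAMPLE_LOG = (
    [f"Sep 19 02:14:{s:02d} srv01 sshd[4100]: Failed password for "
     f"{u} from 203.0.113.7 port 51000 ssh2"
     for s, u in zip(range(1, 12, 2), ["root", "invalid user admin"] * 3)]
    + ["Sep 19 02:14:20 srv01 sshd[4107]: Accepted password for root from 203.0.113.7 port 51010 ssh2",
       "Sep 19 08:30:02 srv01 sshd[5200]: Failed password for alice from 198.51.100.20 port 40000 ssh2",
       "Sep 19 08:30:09 srv01 sshd[5200]: Accepted password for alice from 198.51.100.20 port 40000 ssh2"])

if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a login, as in the second source in the sample, stays below the threshold and raises no alert.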

Vulnerabilities and Penetration

TIMS Medical's reliance on advanced medical imaging technology and integration with hospital systems makes it a lucrative target for ransomware groups like Abyss. The company's focus on secure archiving and reducing HIPAA violations indicates a strong emphasis on data security. However, the attack suggests potential vulnerabilities in their cybersecurity measures, particularly in protecting against sophisticated ransomware attacks targeting VMware ESXi environments.
