Valisana Hit by RansomHouse Ransomware: Patient Data at Risk

Incident Date:

July 24, 2024

World map

Overview

Title

Valisana Hit by RansomHouse Ransomware: Patient Data at Risk

Victim

Valisana

Attacker

Ransomhouse

Location

Berchem-Sainte-Agathe, Belgium

, Belgium

First Reported

July 24, 2024

RansomHouse Ransomware Attack on Valisana

Overview of Valisana

Valisana is a prominent healthcare institution located in Brussels, Belgium, specializing in rehabilitation and psychiatric care. It operates through two main branches: Valida, which focuses on rehabilitation services, and Sanatia, which is dedicated to psychiatric care. Valisana is recognized for its high standards of care, having achieved a Platinum accreditation from Accreditation Canada International in April 2022. The organization is the largest neuro-locomotor and geriatric rehabilitation center in Brussels, with extensive facilities and a significant role in the community.

Details of the Attack

On July 20, 2024, Valisana was targeted by the RansomHouse ransomware group. The attackers claim to have infiltrated the organization's systems and obtained its database, potentially compromising sensitive patient and operational information. Despite the disruption to their IT systems, Valisana has implemented alternative procedures to ensure the continuity of patient care. The organization has committed to maintaining transparency and prioritizing the protection of patient data during this challenging time.

About RansomHouse

RansomHouse is a data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse does not encrypt files but instead gains access to corporate networks, steals data, and threatens to leak the stolen data publicly if the victim does not pay a ransom. The group markets itself as a "professional mediators community" aiming to "minimize the damage" and "bring conflicting parties together." However, their actions are still considered an extortion scheme. RansomHouse has been linked to collaborating with other ransomware groups like White Rabbit and Hive, using tactics such as exploiting vulnerabilities and maintaining a data leak site to pressure victims into paying.

Potential Vulnerabilities

Healthcare institutions like Valisana are particularly vulnerable to ransomware attacks due to the sensitive nature of the data they handle and the critical need for uninterrupted services. The attack on Valisana underscores the growing threat of ransomware attacks on healthcare institutions, which can have severe implications for both data security and patient privacy. The exact method of penetration used by RansomHouse in this case is not publicly disclosed, but common tactics include exploiting software vulnerabilities, phishing attacks, and weak security protocols.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.