Hunters International Ransomware Gang Extorts Cancer Patients

Seattle-based Fred Hutchinson Cancer Center has been targeted by the Hunters International ransomware gang, who claim to have exfiltrated over 500 GB of patient data that is being leveraged to extort individual patients.

‍

“All Fred Hutch clinics are open and actively serving patients. The safety, wellbeing, and personal information of our patients and employees is of the utmost importance to Fred Hutch,” The Record reports a spokesperson for the center as stating.

‍

“Our forensic team is continuing to conduct an assessment of the data accessed and we will provide further updates as we have them.”

‍

Compromised data may include Social Security and driver’s license numbers, passport and financial account information, tax identification numbers, individual health insurance policy numbers and more.

‍

Reports indicate that as many as 800,000 patients had their data exposed, and the attackers are allegedly extorting individual patients for a $50 ransom in order to avoid having their personal health information (PHI) exposed online.

‍

“I think it’s disgusting that they’d take advantage of cancer patients of all people, people who are struggling at the worst time of their lives,” a breach victim told local news outlet KIRO, according to The Record.

‍

Takeaway: Healthcare and other critical infrastructure providers are a favorite target for ransomware attacks given they typically have the least resources to dedicate to security, the networks are often composed of older legacy components, and any downtime is extremely disruptive – or potentially lethal.  

‍

Ransomware attacks against healthcare providers pose a significant threat to human life, and it’s only a matter of time before we may see these attacks end catastrophically.

‍

Ransomware gangs have been hammering the healthcare sector for some time now, and some have taken to using very shady tactics in an attempt to force victim organizations to pay.

‍

While the perception is that the healthcare industry is flush with cash and very stable, that is largely not the case. The reality is that the healthcare system in our nation is largely operated by non-profit entities who work on tight margins.

‍

For example, earlier this year, the BlackCat /ALPHV ransomware gang attempted to extort a Pennsylvania healthcare provider by publishing private, compromising clinical photographs of breast cancer patients.  

‍

The Lehigh Valley Health Network disclosed the attack in late February, stating they were refusing to pay the ransom demand, reported The Record. These extortion tactics demonstrate that criminal ransomware groups have absolutely zero conscience in their targeting that there is no line they will not cross.  

‍

Targeting cancer centers and even leaking confidential photographs of breast cancer patients is a shocking new low, and the introduction of more advanced techniques for obfuscation and evasion means that even organizations with mature security programs are at risk.

‍

Whatever data these groups can extract, they will weaponize in their extortion schemes. They will continue to do so until it is no longer profitable.

‍

‍

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.