Ransomware Gang Targeting Cancer Centers – A New Low


June 22, 2023

World map

Attacks leveraging living-off-the-land (LotL) techniques targeting cancer centers with ransomware prompts HHS to issue an alert to the healthcare sector, a favorite target of ransomware gangs.

The TimisoaraHackerTeam ransomware gang specializes in attacks on medical facilities and has been observed exploiting known vulnerabilities and using LotL techniques – leveraging native network tools – to remain undetected.

“Little is known about the obscure group of hackers, but when its ransomware is deployed, their rarely used and very effective technique of encrypting data in a target environment has paralyzed the health and public health (HPH) sector,” the notification from Health & Human Services’ Healthcare Sector Cybersecurity Coordination Center said as reported by SC Media.

HC3 says the attack on a cancer center “rendered its digital services unavailable, put the protected health information of patients at risk, and significantly reduced the ability of the medical center to provide treatment for patients”

Takeaway: Ransomware attacks against healthcare providers pose a significant threat to human life, and it’s only a matter of time before we may see these attacks end catastrophically.

While the perception is that the healthcare industry is flush with cash and very stable, that is a misconception. The reality is that the healthcare system in our nation is largely operated by non-profit entities who work on shoestring margins.

Ransomware gangs have been hammering the healthcare sector for some time now, and some have taken to using very shady tactics in an attempt to force victim organizations to pay. Whatever data these groups can extract, they will weaponize in their extortion schemes. They will continue to do so until it is no longer profitable.

For example, earlier this year, the BlackCat /ALPHV ransomware gang attempted to extort a Pennsylvania healthcare provider by publishing private, compromising clinical photographs of breast cancer patients. The Lehigh Valley Health Network disclosed the attack in late February, stating they were refusing to pay the ransom demand, reported The Record.

These extortion tactics demonstrate that criminal ransomware groups have absolutely zero conscience in their targeting that there is no line they will not cross. Targeting cancer centers and even leaking confidential photographs of breast cancer patients is a shocking new low.  

Additionally, the use of more advanced techniques for obfuscation and evasion means that organizations with mature security programs are at risk - and most if not all healthcare organizations simply do not have mature security operations.

Healthcare and other critical infrastructure providers are a favorite target for ransomware attacks given they typically have the least resources to dedicate to security, the networks are often composed of older legacy components, and any downtime is extremely disruptive – or potentially lethal.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.