Thirty-three US Hospitals Hit By Ransomware This Year

At least 19 US healthcare organizations (HCOs) have been breached by ransomware gangs so far this year, according to Emsisoft.

Brett Callow, threat analyst for the New Zealand-based anti-malware specialist, revealed the news in a tweet yesterday.

Read more on healthcare incidents: NextGen Healthcare Data Breach: One Million Patient Records Affected

Callow claimed that, according to Emsisoft data, those 19 providers operate 33 hospitals and at least 16 of the 19 had data exfiltrated.

By comparison, there were 25 incidents impacting US hospitals in the whole of last year, which seems to indicate a higher rate of compromise in 2023. However, last year the total number of hospitals impacted by December was much higher: 290.

This is due to an attack on CommonSpirit Health, which operates almost 150 hospitals.

Data exfiltration last year occurred in 68% of cases, versus 84% in the first half of 2023.

The breaches keep on coming. Most recently, Callow revealed on Twitter yesterday that Jefferson County Health Center had been listed on the leak site of the Karakurt group.

The group claims to have stolen over 1TB of data including medical records, tests results and the personally identifiable information (PII) of employees and patients from the Jefferson County Hospital in Waurika, Oklahoma.

It’s not just US hospitals that have come under attack recently. The Black Cat/ALPHV group recently added Barts Health NHS Trust to its leak site, claiming to have stolen a whopping 7TB of data.

The trust – which looks after 2.5 million people in East London across hospitals such as St Bartholomew’s, the Royal London and Mile End Hospital – is said to be investigating the claims urgently.

Patient data is also being spilled by HCO partners. A breach at the University of Manchester reported by Infosecurity appears to have led to the compromise of NHS numbers and other information on over one million patients. The university had apparently collected the information from 200 hospitals for a research project.

According to Check Point, the UK’s healthcare sector experienced a 22% year-on-year rise in attempted attacks in the first quarter of 2023, with an average of 1684 per week.