Rhysida claims responsibility for attacks on two U.S. health systems: Prospect Medical Holdings, Singing River Health

On August 3, Prospect Medical Holdings disclosed a ransomware attack that affected some of its 16 hospitals and 10 clinics, including three hospitals in Connecticut and hospitals run by Crozer Health. Although they have made some progress with recovery, a note on their website today states, “Prospect Medical Holdings, along with all Prospect Medical facilities, is experiencing a systemwide outage. We are working to resolve the issue as soon as possible and regret any inconvenience.”

For its part, Rhysida ransomware gang claimed responsibility for the attack, stating, “They kindly provided: more than 500000 SSN, passports of their clients and employees, driver’s licenses, patient files (profile, medical history), financial and legal documents!!! If you are interested in our partner’s confidential documents, you will be able to purchase them too!!! Total 1TB unique files, as well as 1.3TB SQL database.”

Rhysida claims to have leaked 45% of all of the files they exfiltrated from Prospect Medical Holdings that they had not yet sold.  

By the end of the month, a second health system, Singing River Health System in Mississippi, was also added to Rhysida’s leak site with proof.

The Singing River listing shows three days left on a countdown clock.
Rhysida demands 30 BTC (approximately $760,000.00) to delete all the data.

Singing River provides a systems update page about their recovery from the attack.

About the author: Dissent

Comments are closed.