University Medical Center of Southern Nevada attacked by REvil threat actors
See update at bottom of this post for statement from UMCSN. They do confirm that there was a breach.
The University Medical Center of Southern Nevada, which proudly proclaims itself the official healthcare provider for the Vegas Golden Knights, has allegedly been the victim of a cyberattack by REvil (Sodinokibi) threat actors.
The well-known ransomware operators added the medical center to their dedicated “Happy Blog” dark web leak site yesterday — an addition that generally means that a victim has ignored the threat actors or has refused to pay some demanded ransom.
The listing does not indicate when REvil allegedly attacked the medical center or how much data they claim to have exfiltrated. For now, as proof of access, they dumped a handful of images of driver’s licenses, passports, and social security cards.
There has been no disclosure by the medical center or any statement on their web site or Facebook page.
DataBreaches.net sent three email inquiries today to the medical center, asking for a statement confirming or denying the claimed attack, and describing the scope or impact of it if they confirmed it. There has been no reply. The medical center, which is the only public, non-profit hospital in Clark County and operates the state’s only Level I Trauma Center, provides services to patients in four states within 10,000 square miles. As such, it is critical to the area in the case of any mass casualty event, and any attack encrypting files or systems could potentially be disastrous.
Then, too, given that the medical center is the healthcare provider to the Vegas Golden Knights, it is possible that threat actors would try to sell the athletes’ records or any records they could acquire concerning the team.
Hopefully, the medical center was prepared for an attack and either thwarted it quickly or was able to recover fully. But we won’t know until they issue a response to inquiries.
This post will be updated if a reply is received, but in the absence of any confirmation, prudence dictates treating it as an unconfirmed claim by the threat actors.
Post corrected to reflect that REvil added the listing to their leak site yesterday, not today.
Update: Statement from UMCSN:
Clinical Operations Continue at UMC After Hospital Targeted by Cybercriminals, With No Evidence of Clinical Systems Breach
Out of an Abundance of Caution, UMC to Offer Complimentary Identity Protection and Credit Monitoring Services for Patients and Staff
LAS VEGAS (June 29, 2021) – UMC’s cyber security team recognized suspicious activity on the hospital’s computer network in mid-June and responded rapidly by immediately restricting external access to UMC servers. While the hospital continues to work with law enforcement to fully investigate this activity, UMC believes cybercriminals accessed a server used to store data. This type of attack has become increasingly common in the health care industry, with hospitals across the world experiencing similar situations.
There is no evidence that any clinical systems were accessed during the attack. UMC continues to work alongside the Las Vegas Metropolitan Police Department, the FBI, and cyber security experts to determine the exact origin and scope of the attack. The investigation will provide valuable information to help prevent similar security issues in the future.
UMC’s IT Division acted swiftly to identify the suspicious activity and secure the hospital’s network. This internal response resulted in minor, intermittent computer login issues for some UMC team members. While these login issues were certainly inconvenient, there have been no disruptions to patient care or UMC’s clinical systems.
Although UMC has no reason to believe cybercriminals accessed any clinical systems, out of an abundance of caution, the hospital will notify patients and employees that their personal information may be at risk. UMC will provide patients and staff with access to complimentary identity protection and credit monitoring services. The hospital will contact patients and staff directly to provide information about how to access the complimentary services.