RansomHouse Gang Claims the Hack of Loretto Hospital in Chicago
Another American hospital has fallen victim to a ransomware attack, with the RansomHouse gang announcing the hack of Loretto Hospital in Chicago. The group claims to have stolen 1.5TB of sensitive data from the not-for-profit community-focused healthcare provider.
About Loretto Hospital
Loretto Hospital is a prominent healthcare provider that offers a wide range of services, including primary care, geriatric medicine, vision care, behavioral health services, pediatrics, women's health, pediatric medicine, family planning, and dental services. With its roots dating back to 1939, the hospital is headquartered in Chicago, Illinois.
RansomHouse Gang's M.O.
The RansomHouse gang is a data extortion group that has been active since December 2021. Unlike other ransomware groups, this gang focuses on data theft rather than encryption. Their modus operandi involves stealing sensitive data and then leaking it to shame non-paying victims. However, the group's approach differs from traditional ransomware groups in its focus on data theft over encryption.
Previous Breaches at Loretto Hospital
Loretto Hospital has experienced another data security incident in 2023. On January 19, 2023, a former employee misappropriated security camera footage of a limited number of patients and posted it on Facebook. The footage was removed after the incident was discovered, but the hospital notified the impacted individuals by mail on March 15, 2023, offering guidance on protecting their information.
The Rise of Ransomware Attacks in US Healthcare
Ransomware attacks on US healthcare providers have surged in 2024, with 98 attacks compromising 117 million records. The high volume of sensitive data managed by American hospitals makes them a privileged target for threat actors. Hospitals often face system lockdowns, forcing a switch to manual processes, which can have significant operational and financial implications.
High-Profile Breaches in US Healthcare
Hospitals in the US are not immune to cyber threats. High-profile breaches include:
- Change Healthcare (100M records)
- Summit Pathology (1.8M records)
- OnePoint Patient Care (796K records)
- Boston Children’s Health Physicians (909K records)
Protecting Against Ransomware Attacks
The best way to protect against ransomware attacks is through regular backups and the implementation of Intrusion Prevention Systems (IPS). These measures can help mitigate the impact of a breach and prevent data theft. As threat actors continue to evolve, it is essential for healthcare providers to stay vigilant and adopt robust cybersecurity measures.
The Implications of RansomHouse Gang's Hack
While the Loretto Hospital hack by the RansomHouse gang has not yet been corroborated with evidence of stolen data, the incident highlights the ongoing threat posed by ransomware attacks in the US healthcare sector. As hospitals continue to grapple with system lockdowns and manual processes, it is crucial for them to prioritize cybersecurity and take proactive measures to protect their sensitive data.