Clarke County Hospital (CCH) has announced a data breach, one month after the Royal ransomware gang claimed responsibility for the attack and employed an audacious extortion tactic.
Security researchers discovered CCH listed on the Royal ransomware data leak site, with leaked data that reportedly included a video of a patient collapsing.
The hospital confirmed the breach on May 17, revealing that personal information, including names, addresses, dates of birth, and health insurance details, may have been exposed.
The notification from CCH assured affected individuals that there was no evidence of their information being misused and clarified that electronic medical records, Social Security numbers, banking details, and credit card information were not compromised. However, the hospital did not mention the ransomware claim or provide specific details about the attack. The incident, which began on April 14, forced CCH to disable network access, as confirmed by status updates on their Facebook page at the time.
Experts, including threat analyst Brett Callow from Emsisoft, noted the increasing aggressiveness of ransomware groups in their extortion tactics. Ransomware operators are resorting to leaking stolen data to pressure organizations into paying the ransom.
In this case, the video posted by the Royal ransomware group was likely intended to draw attention to the incident and increase pressure on CCH. This attack highlights the growing threat faced by the healthcare sector, with threat actors targeting sensitive medical data for theft and ransom.
Earlier this year, another healthcare provider, Lehigh Valley Health Network, faced a similar threat of medical data leakage after a ransomware breach.
