Las Vegas Hospital Data Breach Exposes Personal Information

University Medical Center in Las Vegas recently announced that it had been the victim of a ransomware attack by REvil, a well-known hacker group.

by | Jul 6, 2021 | Tech Insights

Las Vegas Hospital Data Breach Exposes Personal Information

University Medical Center in Las Vegas recently announced that it had been the victim of a ransomware attack by REvil, a well-known hacker group. The Las Vegas Review-Journal reported that University Medical Center released a statement confirming the attack took place in mid-June. Cybercriminals were able to gain access to one of UMC’s servers that are used to store data.

University Medical Center, a non-profit hospital, stated there was no evidence that any of the clinical systems were breached. However, University Medical Center took steps to notify employees and patients that their personal information may have been compromised. Scans of driver’s licenses, social security cards, and passports that were stored on one of the hospital’s servers were posted on the dark web in late June.

University Medical Center Statement

In a statement, UMC stated its cybersecurity team ”recognized suspicious activity on its computer network as early as mid-June”. UMC quickly restricted external access to UMC servers and ”continues to work with law enforcement to fully investigate this activity”, UMC said in the statement. Unfortunately, these types of attacks are becoming common in the healthcare industry, with over 30 healthcare providers being hit by ransomware attacks this year.

In its statement, UMC said there was no evidence to indicate that any of its clinical systems were accessed during the cyberattack. UMC continues to be an active participant in the investigation to determine the origin and scope of the attack. UMC hopes the ongoing investigation will provide valuable insight to help prevent future attacks.

While UMC did not find any evidence that could point to any clinical systems being accessed, UMC did notify patients and employees that their personal information could be at risk. UMC vowed to provide affected employees and patients with credit monitoring services and identity protection services, at no cost to them.

Proof of Stolen Information

REvil, also known as Sodinokibi and Sodin, usually posts proof of stolen personal information on a website on the dark web. If REvil requests a ransom that is not paid in full, the ransomware gang will threaten to post all the information they have on the site. In late June, after the attack on UMC, there were photos of the social security cards, driver’s licenses, and passports of less than ten people. According to the group, this was only a small portion of the information they had obtained in the attack. While there has been no indication by UMC that the group demanded a ransom, the posting of sensitive information is typically followed by a ransom demand.

Ransomware Attack

A ransomware attack takes place when cybercriminals use malware to infiltrate a network. Ransomware is typically spread through phishing emails that contain malicious links. When the links are clicked, the malware immediately goes to work and retrieves valuable information, encrypting files, and locking an entire system. The cybercriminals will demand a ransom in exchange for a decryption key that will unlock the files. However, paying the ransom does not always equate to the files being decrypted and the systems being unlocked.

REvil Strikes Again

The University Medical Center is just the latest victim of a string of attacks by the REvil ransomware gang. REvil has turned into one of the most well-known ransomware gangs. REvil has initiated attacks on over 50 businesses in 2021 alone, and these are just the known victims. The attacks that have been reported to the public are only a small portion of how many actual victims there are. Many ransomware attacks are never reported.

While REvil has initiated attacks on other healthcare organizations, the gang does not solely focus on healthcare organizations. REvil has performed attacks on businesses and organizations in the transportation industry, fuel industry, construction industry, manufacturing industry, meat packing industry, and more. Lately, REvil has been going after larger targets and requesting high ransom amounts.

While REvil has become one of the most well-known ransomware gangs, it is not the only one that has been wreaking havoc on businesses and organizations across the globe. There are countless other ransomware gangs that continue to attack businesses and organizations of all sizes.

Impact of a Cyber Attack on an Organization

A cyberattack that is deemed successful by a ransomware gang can cause major damage to a business or organization. A cyber attack, especially one that results in a data breach, can impact relationships with customers, your bottom line, and your reputation. The impact of a data breach can also have a legal impact.

The economic cost of a data breach

  • Theft of financial information
  • Loss of business or contract
  • Theft of money

Reputational damage after a data breach

  • Loss of trust
  • Loss of customers
  • Reduction in revenue

The legal impact of a data breach

  • Fines
  • Penalties
  • Regulatory sanctions

Is Your Organization Prepared for A Cyber Attack?

Data breach. Ransomware. Hacked. These are no words no business or organization wants to have associated with their operations. This is why it is so important to prepare yourself to prevent a cyberattack, and to give your business a better chance of surviving if one does happen. No business or organization is exempt from data breaches or ransomware attacks. Cybercriminals will cast their nets as wide as they can just to catch something.

A data breach can cause devastation to even the most resilient of organizations. It is important to have effective cybersecurity incident measures in place to reduce your chances of becoming a victim of an attack. User training, education, and awareness are all keys to protecting your business or organization. You have worked hard to build your business, and it is important that you work hard to protect it.

Online threats are out there, and your organization must take the proper actions to protect your systems, your networks, and your sensitive information from cybercriminals who will do anything to get their hands on them.

NSA are experts in providing IT services and cybersecurity services to the Las Vegas medical community including their Trinity cloud services.  Reach out to the NSA team with any questions you may have on cybersecurity and IT services. NSA is here to help.