University Medical Center of Southern Nevada Cyber Attack
University Medical Center of Southern Nevada (UMC) recently suffered a ransomware attack in which patient data was stolen. The Medical Center confirmed the attack after the Las Vegas Review Journal discovered stolen data had been posted on the darknet site of the Russian-linked ransomware gang REvil, also known as Sodinokibi or Sodin.
UMC is a nonprofit public hospital and home to Nevada’s only Level 1 trauma center. It’s affiliated with the Kirk Kerkorian School of Medicine at UNLV and operated by the Clark County Commission.
Detection and Response by UMC
In a statement, UMC says its cybersecurity team detected suspicious activity on the hospital’s computer network in mid-June and responded quickly by immediately restricting external access to UMC servers.
UMC’s IT division acted swiftly to identify the suspicious activity and secure the hospital’s network, the organization states. This internal response resulted in minor, intermittent computer login issues for some UMC team members. However, the ransomware attack did not impact patient care, and there were no delays in clinical operations.
According to a report submitted by UMC to the U.S. Department of Health and Human Services, the attack is estimated to have affected up to 1.3 million people. UMC says that REvil targeted a server used to store patient data and gained access to personally identifiable information (PII), including protected health information (PHI) of patients and employees.
This includes passports, Social Security numbers, driver’s licenses, names, addresses, dates of birth, clinical histories, financial information, and insurance information. The medical center says there is no evidence that any clinical systems were accessed during the attack. The medical center notified patients and affected employees about the potential risk to their PII and promised to offer free access to identity protection and credit monitoring services.
Demand For Ransom
After the attack, images of driver’s licenses, passports, and Social Security cards of around half a dozen alleged victims were posted on the hacker group’s website. According to REvil, this was only a small portion of the information they had obtained in the attack.
This is standard operating procedure for the group, typically a move to pressure an organization into paying a ransom. However, there’s no indication from UMC that the hacker group demanded ransom. The medical center is working with the Las Vegas Metropolitan Police Department, the FBI, and third-party cybersecurity experts to determine the exact origin and scope of the breach.
REvil Ransomware Gang
REvil is a prolific ransomware-as-a-service (RaaS) gang active since early 2019 – a whopping 42% of all recent ransomware attacks trace back to this gang. Since its debut, REvil has gained considerable momentum, locking up and even auctioning off data that belonged to companies. With pressure tactics going beyond data encryption, REvil operators often steal data in advance, exfiltrate it, and then resort to extortion tactics. Those who refuse to pay up, hoping to rely on their ability to recover data, will receive threats to have sensitive, confidential data exposed publicly on the group’s Dark Web site.
It has been one of the most active ransomware operations over the past year, having conducted many attacks on businesses in the United States. The gang was behind the ransomware attack on the global meat supplier, JBS Foods, which resulted in the temporary closure of food production facilities in the United States. JBS paid the gang $11 million in Bitcoin following the attack.
In July, the gang hit at least 1,000 businesses by attacking the software company Kaseya, which develops software used to manage business networks and devices. It was one of the widest ransomware campaigns ever conducted, with the group demanding a $70 million ransom to release the affected machines.
Other cyberattacks attributed to REvil include:
- Apple MacBook supplier: $50,000,000
- Leading cosmetics group Pierre Fabre: $25,000,000
- New York-based law firm Grubman Shire Meiselas & Sacks: $42,000,000
- The Dairy Farm Group: $30,000,000
Cyber attacks are the fastest-growing crime in the United States, increasing in size, sophistication, and cost every year. Industry experts estimate that cybersecurity incidents will cost businesses globally up to $10.5 trillion within the next five years alone. Despite these shocking statistics, more than 50% of businesses are not prepared to combat cyber attacks.
If your organization gets breached, the losses you’ll incur go beyond money. While you can recover financially, it’s harder to recover from the reputational loss. Since 60% of small companies that suffer attacks end up collapsing within six months, you can’t afford to ignore cybersecurity.
Here are some potential repercussions if your small business falls victim to an attack:
- Intellectual property theft
- Reputational damage
- Operational disruptions
- Loss of business and revenue
Prepare Your Business For Cyber Attacks Today!
Proactive protection of your systems will help you detect risks before they have a chance to do any damage. Common vulnerabilities for Las Vegas businesses and organizations include malware, botnets, phishing scams, spyware, adware, and most notably, ransomware. At Network Security Associates (NSA), we offer comprehensive cybersecurity assessments that detect weak points in your company’s current security strategies.
We work with Las Vegas businesses and organizations to help them proactively block hackers, pointing them to small and often overlooked gaps that might allow intruders into your systems to access highly sensitive data. Our penetration testing team can identify cybersecurity vulnerabilities before an intruder has the opportunity to infiltrate your network or computer system and work with you to remediate and reduce risk.
We also provide managed IT security services that include free initial cybersecurity assessments, secure wireless network set-up and maintenance, free ongoing employee training, automatic software updates, secure cloud services, and much more. Our managed IT security services ensure that your business is safe from ransomware, data theft, network breaches, malware, and corporate disclosure.
All of our services are customizable to combat specific cyber security threats and protect your systems, and we’ll help you choose the best solution tailored specifically for the cyber security threats your organization faces. Our cybersecurity experts will constantly monitor your systems and proactively respond to any threat or attack, giving you the peace of mind to focus on your business knowing that your IT security is in the capable and trusted hands of the NSA team. Contact us today to schedule a cybersecurity consultation and protect your Las Vegas business!