McLaren Health Care data breached by BlackCat Ransomware Gang

McLaren Health Care has revealed that its servers fell victim to a ransomware gang called BlackCat, also known as ALPHV, during August and September of this year. The cybercriminals are now issuing threats to expose the pilfered data on the dark web unless their ransom demands are met.

As reported on X, formerly known as Twitter, the BlackCat gang managed to purloin approximately 6 terabytes of sensitive information related to approximately 2.5 million patients. To substantiate their claims, they’re threatening to release a portion of this data.

Sources who wished to remain anonymous divulged that the ransomware attack wreaked havoc on IT services across 14 Michigan hospitals during that period. Just when things appeared to be stabilizing, the threat actors initiated a campaign of blackmail, using the specter of data leaks as leverage.

An informant from ALPHV, active on the Telegram platform, disclosed that their team successfully infiltrated McLaren Health Care’s systems by exploiting a persistent vulnerability or backdoor that still exists.

In response to the breach, McLaren Health Care enlisted the services of cybersecurity experts. These professionals are collaborating with the healthcare network’s IT staff to minimize the risks associated with this dual-threat ransomware attack, which combines data encryption with extortion tactics.

It’s important to note that the criminal gang behind this attack predominantly communicates in Russian. However, there is no concrete evidence linking them to Russian intelligence agencies. Nevertheless, certain Western media outlets have speculated that the Russian government is training cyber operatives to carry out financially motivated cyberattacks. This shift in strategy is thought to be a response to the economic strains imposed by U.S. sanctions, stemming from Vladimir Putin’s actions in Ukraine.

Ad
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display