Cyberepidemic: Rhysida Group Halts PMH Medical Corp Work

California Medical Corporation Prospect Medical Holdings (PMH), which owns a network of 17 hospitals and more than 165 outpatient institutions, was the victim of the Rhysida cyber attack.

Cyberataka, which occurred on August 3, seriously violated the work of medical institutions in the northeast of the United States. Many hospitals were forced to suspend reception in emergency departments and still have difficulties with the functioning of their online systems. Rhysida has already begun auction for the sale of more than 2 TB of stolen data.

On the auction page of the Rhysida group, personal data are presented more than 500 thousand patients and employees of PMH, including social insurance numbers (SSN), passports, driver’s certificates, patients of patients, as well as legal and financial documents.

Announcement of data on the forum

Almost all sites of the hospitals included in the PMH place a banner with a system failure and that the problem is being solved. Some hospitals switched to paper document management. The network’s work was seriously violated in several hospitals of the state of Pennsylvania, which are part of the subsidiary of PMH – Crozer Health.

Banner with a message on sites

Due to the seriousness of the violation and its consequences for healthcare, the local FBI departments began an investigation into this incident. PMH did not give an assessment when the services return to the normal state.

Rhysida – a relatively new group in the arena of cybercrime. According to the US Ministry of Health, Rhysida has a connection with the Vice Society group, which specializes in attacks in the educational sector. Rhysida operates as Ransomware-AS-A-Service (RAAS) and was first seen in May of this year after a successful attack on the Chili government.

/Reports, release notes, official announcements.