Chris Swagler | August 23rd, 2021

hive ransomware

Early Sunday morning, the Hive ransomware group attacked and encrypted the computer of the non-profit Memorial Health System, forcing employees to work offline. The IT department noticed that parts of the network infrastructure were not responding.

Memorial Health System is a network that operates three hospitals in Ohio and West Virginia, outpatient service sites, and provider clinics.

The ransomware attack disrupted clinical and financial sectors of the hospitals which resulted in cancelations of surgical operations.

A data breach usually occurs when there is a ransomware attack. The attackers will spend time on the network to locate the most valuable systems and steal the data before implementing the encryption. The extracted data is crucial for threat actors in collecting ransom payments as they utilize it in the usual double extortion method.

According to BleepingComputer, there’s evidence that the attackers have stolen databases containing 200,000 patients’ sensitive information including social security numbers, names, and dates of birth. In late June, we covered the Hive ransomware group and the first batch of data they posted on their leak site, HiveLeaks, which contains the stolen data of two dozen victims that refused to pay the ransom.

The leak website contains a list of small to medium sized businesses with the largest being Altus Group, a software provider company that offers data solutions to commercial real estate industry.

Ransomware continues to cause disruptions within healthcare facilities as many organizations have not taken the time to make proper security improvements to their networks. With SpearTip’s 24/7 Security Operations Center, our certified engineers work directly with facilities just like Memorial to continuously monitor networks and respond to incidents at a moment’s notice.

Quick and swift response is great, but being proactive in protection and strengthening security posture is even better. Our endpoint detection and responses tool, ShadowSpear, works in tandem with our engineers to detect threats early and prevent crucial business disruption which ultimately will save your organization time and money.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.