Valley Health Systems has been targeted by REvil ransomware operators, according to Cyble security researchers.
The discovery was made during routine monitoring for data leaks when researchers stumbled upon a post made by the ransomware gang.
“Recently, during the monitoring process of data leaks the Cyble Research Team identified a leak disclosure post in which the REvil ransomware operators claimed to have breached Valley Health Systems,” the researchers said.
Bad actors claim to have stolen sensitive data from Valley Health Systems’ network, including patient, client and employee information. Their message says the data will be made public unless the organization agrees to negotiations.
“Hello, we have downloaded your private data, info about clients and employees and we are ready to publish in our blog if you don’t contact us,” REvil said.
The ransomware gang even provided snapshots of exfiltrated data as proof that the attack succeeded.
“The data leak seems to contain the patient’s prescribed prescriptions, patient details (that include full name, date of birth, gender, patient ID), medical scan reports of patients, multiple Digital Imaging and Communications medical files, and much more,” the researchers added.
Although the healthcare provider released no official statement on the attack, the leaked information clearly suggests a data breach.
The healthcare sector has been under constant strain in the past year, and it comes as no surprise that bad actors regularly target these organizations. The highly sensitive data they manage also makes them a prime target for attacks.
Medical records are highly popular on underground marketplaces, selling for as much as $1,000. Stolen patient records can be used in a wide range of fraudulent schemes, including medical identity theft, tax return fraud and even extortion attempts.