Karakurt Ransomware Group Targets Methodist McKinney Hospital in Cyberattack
Early reports indicated that the Karakurt ransomware group posted Methodist McKinney Hospital patient data on the dark web after executing a cyberattack.
The Karakurt ransomware group claimed responsibility for a cyberattack against Methodist McKinney Hospital (MMH) in early July, CBS in Dallas-Fort Worth reported. The threat actors allegedly posted 360 gigabytes of personal data on the dark web.
According to CBS, the ransomware group claimed to have released invoices, contracts, prescription scans, patient cards, and financial documents on the dark web. Methodist McKinney Hospital did not mention the ransomware group explicitly in its notice to patients but explained that it detected unusual activity on certain systems on July 5.
MMH conducted an investigation with the assistance of a third party and found that an unauthorized actor accessed certain systems containing data from MMH, Methodist Allen Surgical Center, and Methodist Craig Ranch Surgical Center.
“The data present in the relevant systems varies by individual,” MMH stated. “Based on the investigation to date, we determined that the information present in the systems included name, address, Social Security number, date of birth, medical history information, medical diagnosis information, treatment information, medical record number, and health insurance information.”
In its notice, MMH said that it promptly took steps to secure its systems and is currently in the process of reviewing and enhancing its security policies and procedures.
As previously reported, the HHS Health Sector Cybersecurity Coordination Center (HC3) recently alerted the healthcare sector to the rising prominence of the Karakurt ransomware group. The group has claimed responsibility for at least four cyberattacks against US healthcare organizations.
Rather than locking files, Karakurt threat actors typically conduct scanning, reconnaissance, and collection on their targets for about two months. Next, the group attempts to gain access to files containing sensitive information and holds that information for ransom.
“Karakurt victims have reported extensive harassment campaigns by Karakurt actors in which employees, business partners, and clients receive numerous emails and phone calls warning the recipients to encourage the victims to negotiate with the actors to prevent the dissemination of victim data,” HC3 said.
“These communications often included samples of stolen data—primarily personally identifiable information (PII), such as employment records, health records, and financial business records. Victims who negotiate with Karakurt actors receive a ‘proof of life’—such as screenshots—showing file trees of allegedly stolen data or, in some cases, actual copies of stolen files.”
To safeguard against cyberattacks, healthcare organizations should implement multi-factor authentication, use secure passwords, and patch systems regularly.