Ransomware rocked healthcare, public services in August

Ransomware remained a highly disruptive threat last month, as notable attacks claimed victims in healthcare, technology, manufacturing and the public sector.

Ransomware attacks affected healthcare, technology and public-sector organizations in August, with some victims reporting weeks-long disruptions to vital services.

While ransomware continued to pose a significant threat across all sectors last month, the healthcare and public sectors bore the brunt of attacks among U.S.-based victims. Attacks led to phone outages, disrupted patient care for some healthcare organizations and limited municipalities' ability to provide services for their citizens.

One of the month's biggest ransomware attacks occurred against McLaren Health Care on Aug. 5. The Michigan-based healthcare organization was forced to reschedule non-emergency and elective procedures and requested that patients bring a list of medications, printed physician orders and a list of allergies as electronic medical records remained down.

The attack also affected primary and specialty care clinics, as well as cancer care. McLaren's network was not fully restored until Aug. 27. Last September, the Alphv ransomware gang claimed responsibility for another attack against McLaren.

On Aug. 24, the Port of Seattle disclosed a "possible cyberattack" that caused an internet outage and forced officials to isolate critical systems, which disrupted some services at the Seattle-Tacoma International Airport (SEA). While the airport remained operational, the attack affected phone systems, check-in processes, flight information displays and baggage services.

As of Thursday, nearly two weeks since the attack, some services remained down. However, SEA did say that public Wi-Fi, check-in kiosks and flight and baggage information screens were operating normally for all carriers except United Airlines. No ransomware gang has claimed responsibility for the attack so far. "We'll be addressing any outstanding issues with coverage over the next couple of days," SEA wrote on X, formerly Twitter.

Ransomware also affected a global logistics and supply chain company, Jas Worldwide. The Atlanta-based company disclosed it suffered a ransomware attack Aug. 27 that affected its ability to operate and provide customer services.

However, it did not disrupt the company's email or website. By Aug. 30, Jas restored its central operations system, known as C1, which is used worldwide. Jas operates across more than 100 countries and the U.S. branch serves 28 cities. In its last update on Wednesday, the company revealed all "essential systems" had been restored.

In an 8-K filing Aug. 17, microprocessor manufacturer Microchip Technology disclosed it suffered a cyberattack that forced it to take systems offline. The Chandler, Ariz.-based company revealed the attacker gained unauthorized access to the company's network, disrupted its servers and caused operational delays that impaired Microchip's ability to fulfill orders.

Microchip filed another 8-K form on Wednesday, revealing the incident led to a data breach. Stolen information included employee contact details and some encrypted and hashed passwords. While Microchip has not confirmed the incident involved ransomware, the Play ransomware gang claimed responsibility for the attack and threatened to leak stolen data.

"The Company is aware that an unauthorized party claims to have acquired and posted online certain data from the Company's systems," the company wrote in the 8-K filing this week.

On Aug. 15, the City of Flint, Mich., disclosed that ongoing network and internet outages were caused by a ransomware attack the day before. The city engaged law enforcement while it worked on restoration efforts. Flint officials posted an update on Aug. 20 stating council committee meetings were canceled due to the attack, which also affected payment services, email and phone access.

"Flint Mayor Sheldon Neeley announced at a press conference this afternoon that the City of Flint believes it has successfully recovered the majority of its key data in the aftermath of a cyber attack that began August 14, 2024," the city wrote in the update.

While many of those functions remained affected, an update on Aug. 26 showed the city made significant progress with recovery efforts. The city announced it was able to restore from backups and implemented additional security measures. For example, Flint "installed a completely redesigned network, including Next Generation firewalls."

On Aug. 13, KTSM reported that Gadsden Independent School District in New Mexico experienced a ransomware attack earlier that day. The school district encompasses more than 14,000 students. Gadsden sent a news release to the outlet stating employee and student data were not affected by the attack, but it did disrupt normal operations. Teachers and staff were instructed to disconnect from the school network as a result of the attack.

Significant disruptions to public sector continue

The City of Killeen, Texas, was another municipality to suffer a ransomware attack last month. On Aug. 8, Killeen officials announced "a security breach" had occurred a day earlier that was the result of a ransomware attack. The city stated it was recovering quickly and that most internal systems were only temporarily affected.

After detecting the attack, the city proactively forced the utility customer service payment system offline to protect sensitive data. Disruptions to that service have continued. The city also revealed the ransomware gang responsible for the attack.

"This breach was the result of a cyber intrusion carried out by a cybercriminal (BlackSuit Ransomware) and the City has been actively engaged with the Texas Department of Information Resources," the City of Killeen wrote in the update.

BlackSuit was also behind the highly disruptive attack against automotive technology provider CDK Global in June.

The Sumter County Sheriff's Office in Florida disclosed in a Facebook post it suffered a ransomware attack Aug. 6. The Sheriff's Office said it forced systems offline to cut off the attackers' access and warned that access to certain records would be limited. On Aug. 9, the Rhysida ransomware gang claimed responsibility for the attack through its public data leak site and threatened to publish stolen data within a week. The Sumter County Sheriff's Office has not provided any updates.

Another highly disruptive attack occurred against the City of North Miami on Aug. 4. The city, which serves more than 60,000 residents, was forced to close city hall as a result of the attack, and it did not reopen until Aug. 12. In addition to limited services, the city also warned residents that fraudulent emails were being sent, allegedly from city staff. The emails requested money or that recipients click on a malicious link.

On Aug. 14, Axios Miami reported that the responsible ransomware gang may have leaked private photos belonging to Mayor Alix Desulme. Ransomware gangs are employing more aggressive extortion tactics to force victims into paying a ransom. For example, attackers will contact the victims' family, competitors or customers directly, as well as leak highly sensitive data.

Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.
