Attacks on Two Specialty Healthcare Providers Affect Nearly 600,000 People

Two specialty healthcare firms, one in Pennsylvania and the other in Texas, were targeted with ransomware in Q2 2022. Both reported these breaches in January 2023; data theft from the attacks may have affected nearly 600,000 people. The first attack was reported on January 10 by a Pennsylvania-based non-profit, Wilkes-Barre. The second, reported on January 17th, was suffered by a Texas-based home care provider, Home Care Providers of Texas. Both incidents were reported to the attorney general’s office of their respective locations. The incidents follow a growing trend of ransomware criminals hitting a widening range of healthcare providers and their vendors, including smaller and specialty entities.

Analyst Notes

The data that can be stolen in these types of attacks is very lucrative to threat actors because it involves the billing, identity, and health information of vulnerable patients. Specialized entities such as Wilkes-Barre and Home Care Providers of Texas typically have fewer resources devoted to mature cybersecurity processes and a smaller budget to deal with attacks.

Anyone who is a patient of these facilities should look for any communication from the company that outlines whether they were included in the breach and what type of information may have been stolen. Patients should also watch for phishing emails and other financially motivated social engineering attacks that may arise if their individual data is sold to other threat groups or used directly by the threat actor. Neither targeted company has announced whether it paid the ransom. In addition, it is highly recommended that organizations ask their users to create complex, unique passwords; these types of attacks are often used to steal passwords from social media or other websites, which are then sold or used by the threat group to see whether users reused the same password for their corporate accounts.