Maze: Last week, the Maze ransomware group attacked a Houston hospital. The hospital, which is already dealing with the COVID-19 pandemic, had the added stress of deciding what to do when they found out they had been infected by ransomware and that private data was allegedly stolen. The threat group posted the information on their website announcing the hospital as their latest victim but did not state the amount of the ransom. The sample data that the group posted as proof of attack was mostly general except for one file that had sensitive data. At the time of writing, the victim was still listed on the Maze website.
Analyst Notes
At the beginning of the pandemic, many of the ransomware groups promised not to target hospitals because of the hard times they were expected to have ahead of them. Maze was one of the groups who had made that promise, but shortly afterwards infected a medical research facility. Since then, they had not targeted any hospitals until now. It is unclear what made the group decide that it was acceptable to go back to attacking hospitals. It is likely that if the hospital does not pay, the group will post or auction off the sensitive data they managed to steal during the attack. Based on the sensitive information that hospitals have on their patients, if the threat group decides to leak the data, all patients of the hospital should be aware of the potential for identity theft.
More information can be read here: https://www.databreaches.net/already-in-the-midst-of-a-crisis-a-houston-hospital-was-attacked-by-ransomware/
