New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


United Health Centers Ransomware Attack Claimed by Vice Society

Vice Society, a ransomware operation that launched in June 2021, has claimed its latest victim. The attack on California-based United Health Center (UHC) disrupted all UHC locations and resulted in sensitive patient information being stolen. The information included patient benefits, financial documents, patient lab results, and audits. 20% of Vice Society’s victims are in the healthcare industry. BleepingComputer reached out to Vice Society to ask why they target hospitals and healthcare centers. This was their response: “Why not? They always keep our private data open. You, me and anyone else go to hospitals, give them our passports, share our health problems etc. and they don’t even try to protect our data. They have billions of government money. Do they steal that money? USA president gave big amount to protect government networks and where is their protection? Where is our protection? If IT department don’t want to do their job we will do ours and we don’t care if it hospital or university.” The healthcare industry continues to be a popular target amongst ransomware threat actors, although several groups publicly state they prohibit such attacks.

Analyst Notes

Threat actors can leverage stolen medical records to impersonate legitimate patients to commit various forms of fraud, including submitting fraudulent claims to health insurers without authorization. This could not only affect healthcare coverage, but also compromise safety if there is misinformation on file that is needed for medical treatment. Anyone who may have been a victim of a medical data breach should get confirmation from their provider to find out exactly what information was stolen. Change and strengthen any online logins and implement multi-factor authentication. Asking the insurance provider for copies of claims and carefully reviewing Explanation of Benefits notices can reveal if a patient’s identity has been used fraudulently. Lastly, financial and credit accounts should be monitored closely, as medical insurance information can be used to commit other forms of financial fraud. Placing a credit freeze on file with the credit bureaus and notifying banks or other financial institutions is helpful to prevent fraud when identity theft is suspected.