Pierluigi Paganini September 10, 2023

Rhysida Ransomware group added three more US hospitals to the list of victims on its Tor leak site after the PROSPECT MEDICAL attack.

Recently the Rhysida ransomware group made the headlines because it announced the hack of Prospect Medical Holdings and the theft of sensitive information from the organization.

In early August, a cyberattack disrupted the computer systems of multiple hospitals operated by Prospect Medical Holdings, which are located in multiple states, including California, Texas, Connecticut, Rhode Island, and Pennsylvania.

Some emergency rooms in multiple hospitals in several states were forced to close and ambulances were diverted due to a cyberattack against their networks.

BleepingComputer first reported that the group claimed to have stolen a database containing 500,000 social security numbers, corporate documents, and patient records.

The Rhysida ransomware group threatened Prospect Medical Holdings to leak the stolen data if the company did not pay a 50 Bitcoins ransom (worth $1.3 million).

Now the cybersecurity researcher Dominic Alvieri first noticed that the ransomware gang claimed to have breached other three US hospitals.

The systems at three hospitals and other medical facilities operated by Singing River Health System were hit by a cyber attack at the end of August.

The Singing River Health System runs 3 hospitals and 10 clinics and is the second largest employer on the Mississippi Gulf Coast.

“The Singing River Health System’s three hospitals – Pascagoula Hospital, Ocean Springs Hospital, and Gulfport Hospital, as well as its dozen-plus medical clinics – are affected by the incident, which began over the weekend. The health system employs about 3,800 people.” reported BankInfoSecurity.

Several services at the hospitals, including laboratory and radiology testing were impacted by the IT systems outage. Singing River said it is working to process all paper-ordered lab tests and radiology exams as quickly as possible, based on priority.

Cyberattacks on smaller regional healthcare providers can have a devastating impact. In June, the St. Margaret’s Health announced it is partly closing operations at its hospitals due to a 2021 ransomware attack that impacted its payment system.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Singing River Health System hospitals)