Pierluigi Paganini
March 10, 2025
The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data.
The Loretto Hospital is a not-for-profit, community-focused health care provider. They provide healthcare services including: primary care, geriatric medicine, vision care, behavioral health services, pediatrics, womens health, pediatric medicine, family planning and dental services. The hospital was founded in 1939 and is headquartered in Chicago, Illinois.
At the time of writing, the group has yet to publish any evidence of the alleged stolen data.
The Loretto Hospital in Chicago has allegedly been breached by RansomHouse.@chicagotribune @ABC7Chicago pic.twitter.com/bwRCHqCS9o
— Dominic Alvieri (@AlvieriD) March 10, 2025
RansomHouse is a data extortion group that has been active since Dec 2021. Unlike other extortion group, the gang doesn’t encrypt data, but focuses on data theft to speed up its activity. Victims include AMD and Keralty. They shame non-payers by leaking data. Backups are insufficient; IPS is recommended for protection.
American hospitals are a privileged target for threat actors due to the huge trove of sensitive data they manage.
Ransomware attacks on U.S. healthcare providers surged in 2024, with 98 attacks compromising 117 million records. Hospitals often face system lockdowns, forcing a switch to manual processes. High-profile breaches include Change Healthcare (100M records), Summit Pathology (1.8M), OnePoint Patient Care (796K), and Boston Children’s Health Physicians (909K).
In 2023, Loretto Hospital experienced another data security incident. On January 19, 2023, a former employee misappropriated security camera footage of a limited number of patients and posted it on Facebook. The footage was removed after the incident was discovered. Loretto identified the impacted individuals and notified them by mail on March 15, 2023, offering guidance on protecting their information. The exposed information consisted of security camera footage of a small number of patients.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Loretto Hospital)
