Another critical healthcare infrastructure organization has suffered a security breach; this time the victim is Wayne Memorial Hospital in Pennsylvania. Wayne Memorial Hospital is a 114-bed not-for-profit hospital located in Honesdale, Pennsylvania, United States.
The Monti ransomware gang claimed responsibility for the hack of the healthcare facility and added it to its Tor leak site.
The extortion group claimed the theft of data and announced it would leak the data on 07.8 2024.
The Monti group has been active since June 2022, shortly after the Conti ransomware gang shut down its operations. Researchers noticed multiple similarities between the TTPs of the two gangs; Monti operators also based their encryptor on Conti’s leaked source code.
In August 2023, the Monti ransomware operators returned, after a two-month break, with a new Linux version of the encryptor. The variant was employed in attacks aimed at organizations in government and legal sectors.
Healthcare infrastructure in the US continues to be under attack. In February, the Lurie Children’s Hospital in Chicago took IT systems offline after a cyberattack. The security incident severely impacted normal operations and also delayed medical care.
Lurie Children’s Hospital is one of the top pediatric hospitals in the United States.
In early November 2023, the Cogdell Memorial Hospital (Scurry County Hospital District) announced it was experiencing a computer network incident that prevented the hospital from accessing some of its systems and severely limited the operability of its phone system. The hospital immediately removed network connectivity and continued to provide most routine services.
The facility operates as a Critical Access Hospital and a Rural Health Clinic serving rural West Texas.
In November 2023, the Lorenz extortion group leaked the data stolen from the Texas-based Cogdell Memorial Hospital.
Cyber attacks against hospitals are very dangerous, and despite major ransomware gangs imposing restrictions on their affiliates to avoid targeting them, many incidents have recently made headlines.
(SecurityAffairs – hacking, Monti ransomware)