University Medical Center of Southern Nevada (UMC) has suffered a ransomware attack in which patient data was stolen. The medical center said it identified suspicious activity within the hospital system in mid-June and took fast action to deal with the problem and restrict the attacker’s unauthorized access to its servers.
UMC initiated an investigation into the cyberattack and informed the authorities. It appears that the attackers accessed a server that stored patient data. In the early stage of the investigation, UMC noted that the attack did not impact the clinical systems.
UMC reported that the Las Vegas Metropolitan Police Department, the FBI, and third-party cybersecurity specialists are working to determine the specific source and magnitude of the incident.
Any cyberattack that interferes with hospital operations can potentially cause extensive problems for patients. This is especially true with regard to the ransomware attack on UMC, which is the only Level 1 trauma center established in Nevada.
UMC claimed that the quick action of its IT team helped to restrict the breach. However, that response caused minor, intermittent computer access problems for many UMC personnel. Though these login issues were annoying, they did not interfere with providing patient care or accessing UMC’s medical systems.
UMC is convinced that the clinical systems were not affected by the breach. As a safety measure, however, UMC stated it is issuing breach notification letters to patients and the affected staff and will provide identity protection and credit monitoring services free of charge.
The REvil (Sodinokibi) ransomware group appears to be responsible for the attack. The REvil ransomware gang has been actively conducting ransomware attacks since 2020, specifically targeting U.S. companies. The gang was the perpetrator behind the JBS Foods attack in May 2021, which forced the company's food manufacturing facilities in the U.S.A. to shut down temporarily. JBS paid the attackers $11 million in Bitcoin as ransom after the attack.
After the attack of the DarkSide ransomware gang on Colonial Pipeline and the attack of the REvil ransomware gang on JBS Foods, they issued an announcement jointly with the Avaddon ransomware operation declaring that they would restrict their affiliates’ attacks and would not attack certain sectors, such as healthcare. That decision doesn’t seem to have been followed.