[Security News] Thanksgiving Ransomware Attack Impacts 30 Hospitals Across the US

November 2023


1. Ransomware attack during Thanksgiving week impacts 30 hospitals across the US

Ardent Health Services, a Tennessee-based healthcare provider operating 30 hospitals across six US states, discovered a ransomware attack on the morning of Thanksgiving Day, resulting in healthcare disruptions at all its hospitals.

The healthcare provider immediately shut down its network and disabled all access to its corporate servers and clinical applications. This forced many hospitals to divert incoming ambulances to nearby hospitals. Non-emergency procedures and screenings had to be delayed and rescheduled. Some hospitals resumed emergency services after a day, while others faced longer disruptions throughout the week.

Ransomware attacks against healthcare providers used to be rare, but have been on a steady rise since the beginning of the COVID-19 pandemic. Hospitals must both increase their cybersecurity measures and educate their staff on preventing phishing and social engineering attacks.

Sources: SC Media, Infosecurity, The Guardian


2. Rhysida ransomware steals HR data from British Library for online auction

The British Library, the world’s largest library with up to 200 million items, disclosed a ransomware attack. Sensitive HR data were stolen by the Rhysida ransomware gang and were later posted online for auction at a starting price of 20 Bitcoins (about $750,000).

Although the attack happened back on October 28, the British Library did not publicize the incident until mid-November. To attract more buyers, the Rhysida ransomware gang posted censored images of passport scans and financial details. The deadline for the bid was set to November 27.

Not only were data stolen, but the IT systems of the British Library were also severely impacted. Its websites were shut down and online book ordering remained unavailable. The British Library said that it could take months for its systems to fully recover. As of now, public Wi-Fi in its buildings has been restored.

Sources: TechCrunch, Independent


3. Slovenia’s largest electricity provider HSE attacked by ransomware

HSE (Holding Slovenske Elektrarne), a Slovenian power company that generates over 60% of domestic electricity, suffered a ransomware attack that compromised and encrypted files in its IT systems. The company operates several thermal, hydroelectric, and solar power plants, all of which are considered critical infrastructure.

The attack took place on November 22 and was contained on November 24. Although IT systems were encrypted, HSE said the attack did not impact its power production capability. The amount of ransom demanded was not disclosed.

Several unofficial sources claimed that the attack was executed by the Rhysida ransomware gang, which has been particularly active throughout the year. It was also reported that the threat actors gained access to the company’s network by stealing passwords stored in unprotected cloud storage.

Sources: Bleeping Computer, Dark Reading

