A ransomware group that stole information from a Seattle cancer center has now reached out to individual patients directly, threatening to publish their personal details if they do not send payment.

Earlier this month, Fred Hutchinson Cancer Center, which operates 10 clinical sites in the region, disclosed that its network was breached on November 19. It quarantined the servers, took its clinical network offline, notified federal authorities, hired a forensic security firm to investigate, added more defensive tools, and increased data monitoring, it said in a notice on its site.

On December 15, Hunters International, a new ransomware group, revealed it was the culprit behind the attack and added Fred Hutchinson to its extortion portal on the dark web. It threatened to leak 533.1 GB of data, reported tech news outlet Bleeping Computer, and published thumbnails of select documents that it claims to have exfiltrated from Fred Hutchinson’s networks.

Additionally, the group has emailed individual patients threatening to publish their sensitive information, saying it has the names, social security numbers, phone numbers, medical history, lab results, and insurance history of over 800,000 individuals. The emails reportedly included recipients’ addresses, phone numbers, and medical record numbers as proof, and a link to a site where patients were told to make a $50 payment to prevent their data from being sold, according to The Seattle Times.

"If you are reading this, your data has been stolen and will soon be sold to various data brokers and black markets to be used in fraud and other criminal activities," read the emails.

In a warning, Fred Hutch told patients not to pay the threat actors and block the sender and delete the email.

While believed to be a rebrand of the defunct Hive ransomware operation, Hunters International has denied this. Back in January, the FBI and international partners seized control of servers that were taken hostage by the Hive, which extorted over $100 million from over 1,500 victims worldwide, including hospitals. The FBI retrieved decryption keys and gave them to victims to unencrypt their systems and data, circumventing hundreds of millions of dollars in ransoms.

Hunters International targets companies of all sizes and requests ransoms ranging from hundreds to thousands to millions of dollars, according to Bleeping Computer. It recently claimed responsibility for an attack on shipbuilding contractor Austal USA, which has done work for the U.S. government.

While Fred Hutchinson has yet to offer credit monitoring, it has encouraged patients to check for any abnormal transactions or activities in their bank statements and credit reports.

Health IT Homepage