The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Rhysida Ransomware Group Claims Responsibility for AXIS Health System Attack

AXIS Health System, a Colorado-based network of behavioral health facilities, has confirmed via its website that it has experienced a cyber incident. Few details have been released about the attack other than that its incident response protocol has been initiated and an investigation is underway to determine the nature and scope of the incident. “If it is determined that patient data was impacted, affected individuals will be notified directly by mail,” explained AXIS Health in its website notice.

Patient data does appear to have been stolen in the attack, according to the Rhysida ransomware group. Rhysida is a ransomware-as-a-service group that is known to attack healthcare organizations. An H1 2024 analysis by Barracuda Networks indicates that Rhysida was behind 8% of known ransomware attacks between August 2023 and July 2024, and that 38% of the group’s victims were healthcare organizations. Recent attacks include BayHealth Healthcare System in Delaware, Community Care Alliance in Rhode Island, Ann & Robert H. Lurie Children’s Hospital in Chicago, and Prospect Medical in California.

The group engages in double extortion tactics, stealing data before encrypting files. Rhysida operates a dark website where victims of attacks are listed and stolen data is often leaked; however, in contrast to many RaaS groups, Rhysida attempts to sell the stolen data and only appears to resort to data leaks if the data cannot be sold. On October 10, 2024, Rhysida claimed responsibility for the attack on nonprofit AXIS Health and gave the health system 7 days to pay the 25 BTC ransom (approx. $1.58 million). Screenshots of some of the data allegedly stolen in the attack have been uploaded to the data leak site as proof of the attack. The screenshots appear to include some patient data. The group claims it will auction the stolen data to a single purchaser if the ransom is not paid. The deadline for making payment is October 17, 2024. The listing does not currently state how much data was stolen in the attack.

Another recent Rhysida victim is Golden Age Nursing Home, a Medicare-certified short-term nursing and rehabilitation service provider in Guthrie, OK. Rhysida demanded a 10 BTC ransom to prevent the sale or leaking of 102 GB of data stolen in the attack. The ransom was not paid; however, a sale could not be arranged, so the stolen data has started to be leaked.


Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
