The Vice Society ransomware gang claims to have conducted a ransomware attack on the California healthcare provider United Health Centers of San Joaquin Valley. United Health Centers operates more than 20 community health centers in Fresno, Kings, and Tulare counties.
The Vice Society ransomware gang emerged in mid-2021 and is believed to be a spin-off of the HelloKitty ransomware operation. The gang is known to use a variety of methods to gain access to victims’ networks, including exploiting vulnerabilities such as the PrintNightmare bugs.
The gang is known for exfiltrating data from victims’ systems prior to the use of ransomware to encrypt files. Data are then published on its data leak site to pressure victims into paying the ransom. This attack appears to be no exception. Bleeping Computer reports it was notified on August 31, 2021 about the ransomware attack on United Health Centers by a trusted member of the cybersecurity community who said the healthcare provider’s entire network was shut down as a result of the attack.
The cyberattack has yet to appear on the HHS’ Office for Civil Rights Breach Portal or the website of the California Attorney General, and United Health Centers has not published any notification on its website at the time of writing. Under HIPAA, regulated entities have up to 60 days to issue notifications about a data breach.
Bleeping Computer reports the Vice Society gang has already leaked data allegedly obtained in the attack on its data leak website, some of which contains patients’ protected health information (PHI). Databreaches.net has reviewed some of the dumped files and confirmed they contained PHI such as names, dates of birth, insurance information, dates of service, diagnostic codes, and treatment and service codes, along with a folder containing files of patients who had fallen into arrears on their accounts and were referred to debt collection agencies in 2012. Some of those files included patients’ Social Security numbers, diagnosis information, and other types of PHI.
According to Bleeping Computer’s source, the attack caused major disruption to United Health Centers’ IT systems, although the healthcare provider had backups that were not impacted in the attack. United Health Centers has reportedly started re-imaging computers and restoring data from backups. That, along with the data dump, suggests the ransom was not paid.
Both Bleeping Computer and Databreaches.net said they reached out to United Health Centers multiple times but have yet to receive a response about the attack.
While several ransomware-as-a-service operations place restrictions on industry sectors that can be attacked and avoid the healthcare industry, Vice Society certainly does not fall into that group. Around a fifth of its attacks are conducted on the healthcare sector.