Rhysida hawks stolen children’s hospital records on dark web for $3.4m

A ransomware gang is seeking $3.4 million after stealing data from a Chicago Children’s Hospital.

News of a cyber incident was reported earlier this month, forcing Lurie Children’s Hospital staff to shut down the hospital’s network.

The hospital has not described the incident as ransomware but did confirm a cyber attack earlier this month and systems continue to be disrupted as the hospital works to recover from the attack.

While the hospital remains operational it was reported that the outage has made the operational running of the hospital more difficult, which has had an impact on both patients and staff.

The outage has meant that ultrasound and CT scan results were rendered unavailable, patient service prioritisation systems were taken down, and doctors were forced to switch to pen and paper for prescriptions.

While the hospital didn’t mention any data leaks or potential beaches in its latest announcement last week, the ransomware-as-a-service gang Rhysida has now claimed the attack and is demanding 60 bitcoin ($3.4 million) for the stolen data to a single buyer.

According to a screenshot taken by Bleeping Computer, the gang says it holds 600GB of data. The type of data has not been detailed but Rhysida describes it as, “exclusive, unique, and impressive.”

It has also been reported that Rhysida has said that the hospital has just seven days to respond to its demands before data is leaked.

“With such sensitive data potentially at risk, Lurie Children’s Hospital will hopefully provide another update in the coming hours,” says Rebecca Moody, head of data research at tech research firm Comparitech.

A relative newcomer on the block, Rhysida – named after a type of centipede – was also responsible for the double extortion ransomware attack and data leak on the British Library.

According to Comparitech’s worldwide ransomware tracker, Rhysida was also responsible for the large-scale attacks on US healthcare companies, Prospect Medical Holdings last August (involving 190,492 records) and Singing River Health System (involving 252,980 records).

Some ransomware groups such as BlackCat claim to take a moral stance against attacking hospitals and emergency services, although security experts might argue that this usually means only when there is no risk to life.

To check out the top three most prolific ransomware gangs click here