In November 2023, Seattle-based Fred Hutchinson Cancer Center fell victim to a Hunters International ransomware attack, compromising the sensitive data of 800,000 patients. The breach involved exfiltration of personal and medical information, which attackers leveraged for extortion tactics targeting cancer patients. While the organization did not pay the ransom, the fallout led to a $52.5 million class-action settlement, including: - $25.5 million for insurance and medical fraud monitoring for affected individuals. - $11.5 million in direct cash payouts to victims. - $13.5 million allocated for infrastructure security upgrades. The attack underscored severe reputational and operational damage, with no confirmed misuse of data but significant financial and trust-related consequences. The incident also coincided with reports of Hunters International’s impending rebrand, reflecting the evolving threats in the ransomware landscape.
Source: https://www.scworld.com/brief/nearly-52-5m-settlement-to-be-paid-by-fred-hutch-over-2023-cyberattack
TPRM report: https://www.rankiteo.com/company/fredhutch
"id": "fre2264322112825",
"linkid": "fredhutch",
"type": "Ransomware",
"date": "11/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '800,000 patients',
'industry': 'healthcare/cancer research',
'location': 'Seattle, Washington, USA',
'name': 'Fred Hutchinson Cancer Center',
'type': 'non-profit healthcare/research institution'}],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '800,000',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (healthcare/PII)',
'type_of_data_compromised': ['patient records',
'personally identifiable '
'information (PII)']},
'date_detected': '2023-11',
'description': 'Seattle-based Fred Hutchinson Cancer Center was targeted by a '
'Hunters International ransomware attack in November 2023, '
'impacting 800,000 patients. Attackers exfiltrated data and '
'used it for extortion, particularly targeting cancer '
'patients. The center agreed to a $52.5 million settlement, '
'including $25.5 million for insurance and medical fraud '
'monitoring, $11.5 million in cash payouts, and $13.5 million '
'for security upgrades. Fred Hutch did not pay the ransom, and '
'no evidence of data misuse was found.',
'impact': {'brand_reputation_impact': True,
'customer_complaints': True,
'data_compromised': True,
'financial_loss': '$52.5 million (settlement)',
'identity_theft_risk': True,
'legal_liabilities': '$52.5 million (class action settlement)'},
'initial_access_broker': {'high_value_targets': ['patient data',
'cancer research records']},
'investigation_status': 'resolved (settlement reached)',
'motivation': ['financial gain', 'extortion'],
'post_incident_analysis': {'corrective_actions': ['$13.5 million allocated '
'for infrastructure '
'security enhancements']},
'ransomware': {'data_exfiltration': True,
'ransom_demanded': True,
'ransomware_strain': 'Hunters International'},
'references': [{'source': 'The Register'}],
'regulatory_compliance': {'legal_actions': ['class action lawsuit',
'settlement agreement']},
'response': {'enhanced_monitoring': True,
'incident_response_plan_activated': True},
'threat_actor': 'Hunters International',
'title': 'Hunters International Ransomware Attack on Fred Hutchinson Cancer '
'Center',
'type': ['ransomware', 'data breach', 'extortion']}