Ransomware cyber

Fred Hutchinson Cancer Center

May 31, 2025 1 min read
Fred Hutchinson Cancer Center

Fred Hutchinson Cancer Center (Fred Hutch) disclosed a November 2023 cyberattack where criminals stole personal and sensitive data, including health insurance information, patients' treatments, diagnoses, and lab results. The attackers used this data to carry out aggressive extortion tactics, directly contacting patients and threatening them with swatting attacks. The FBI was involved, and the cancer center agreed to a $52.5 million settlement, which includes cash payments, infrastructure improvements, and medical fraud monitoring and insurance for affected individuals.

Source: https://www.theregister.com/2025/05/30/fred_hutch_cancer_center_commits/

TPRM report: https://scoringcyber.rankiteo.com/company/fredhutch

"id": "fre416053125",
"linkid": "fredhutch",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"
{'affected_entities': [{'customers_affected': ['2.1 million people',
                                               '140,000 applied for settlement '
                                               'benefits'],
                        'industry': 'Healthcare',
                        'location': 'Seattle',
                        'name': 'Fred Hutchinson Cancer Center',
                        'type': 'Medical Facility'},
                       {'industry': 'Healthcare',
                        'location': 'Seattle',
                        'name': 'University of Washington Medical Department',
                        'type': 'Medical Facility'}],
 'attack_vector': 'CitrixBleed vulnerability',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '800,000',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['health insurance information',
                                              "patients' treatments",
                                              'diagnoses',
                                              'lab results']},
 'date_detected': 'November 2023',
 'date_publicly_disclosed': 'December 2023',
 'description': 'A cyberattack on the Fred Hutchinson Cancer Center in '
                'November 2023 resulted in the theft of personal and sensitive '
                "data, including health insurance information, patients' "
                'treatments, diagnoses, and lab results. The attackers used '
                'highly aggressive extortion tactics, including threatening '
                'patients with swatting attacks.',
 'impact': {'data_compromised': ['health insurance information',
                                 "patients' treatments",
                                 'diagnoses',
                                 'lab results'],
            'financial_loss': '$52.5 million'},
 'initial_access_broker': {'entry_point': 'CitrixBleed vulnerability'},
 'motivation': 'Extortion',
 'post_incident_analysis': {'root_causes': 'CitrixBleed vulnerability'},
 'ransomware': {'data_exfiltration': 'Yes', 'ransom_paid': 'No'},
 'references': [{'source': 'The Register'}],
 'response': {'law_enforcement_notified': 'FBI'},
 'threat_actor': 'Hunters International',
 'title': 'Fred Hutchinson Cancer Center Cyber Attack',
 'type': 'Data Breach, Ransomware',
 'vulnerability_exploited': 'CitrixBleed'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.