Mission Community Hospital in California continues to investigate a cyberattack.
The RansomHouse advertisement for Mission Community Hospital stated that it had 2.5 TB of data and included some supporting documentation.
Following further analysis, they came to the conclusion that the threat actor had exploited vulnerabilities in both the network and VMware environments to get access to the hospital infrastructure and have an impact on vital systems.
They list a number of folders that contain both current files and files from previous years that contain patient data as part of their leak.
TPRM report: https://scoringcyber.rankiteo.com/company/mission-community-hospital
"id": "mis144625623",
"linkid": "mission-community-hospital",
"type": "Data Leak",
"date": "06/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'location': 'California',
'name': 'Mission Community Hospital',
'type': 'Healthcare'}],
'attack_vector': ['Network Vulnerabilities', 'VMware Vulnerabilities'],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Patient Data'},
'description': 'Mission Community Hospital in California continues to '
'investigate a cyberattack. The RansomHouse advertisement for '
'Mission Community Hospital stated that it had 2.5 TB of data '
'and included some supporting documentation. Following further '
'analysis, they came to the conclusion that the threat actor '
'had exploited vulnerabilities in both the network and VMware '
'environments to get access to the hospital infrastructure and '
'have an impact on vital systems. They list a number of '
'folders that contain both current files and files from '
'previous years that contain patient data as part of their '
'leak.',
'impact': {'data_compromised': '2.5 TB of data including patient information',
'systems_affected': 'Vital hospital systems'},
'initial_access_broker': {'entry_point': ['Network Vulnerabilities',
'VMware Vulnerabilities'],
'high_value_targets': 'Vital hospital systems'},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Vulnerabilities in network and '
'VMware environments'},
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'RansomHouse'},
'threat_actor': 'RansomHouse',
'title': 'Cyberattack on Mission Community Hospital',
'type': 'Ransomware',
'vulnerability_exploited': ['Network Vulnerabilities',
'VMware Vulnerabilities']}