United Health Centers Ransomware Attack Claimed by Vice Society
California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft.
United Health Centers is a health care provider in California with twenty-one community health centers servicing Fresno, Kings, and Tulare counties.
On August 31st, BleepingComputer was told by a source in the cybersecurity industry that United Health Centers was reeling from a Vice Society ransomware attack that caused them to shut down their entire network.
We were told the outage caused disruptions in the IT system for all of their locations and that they have begun to reimage computers and recover data from offline back-ups.
At the time, BleepingComputer reached out to UHC multiple times but did not receive a response to any of our queries to confirm the attack.
This week, the Vice Society ransomware gang leaked files that the threat actors allegedly stole from United Health Centers during the August attack.
We have been told that the leaked files contain sensitive information, such as patient benefits, financial documents, patient lab results, and audits.
BleepingComputer once again reached out to UHC last night about the leaked data but did not receive a response.
Furthermore, UHC has not disclosed this attack or the potential compromise of patient data on their website.
20% of Vice Society’s victims are in healthcare
Vice Society is a relatively new ransomware operation that launched in June 2021, with 20% of the companies listed on their data leak site in the healthcare industry.
After we learned of the attack on United Health Centers, BleepingComputer emailed Vice Society to find out why they allow hospitals to be targeted.
Their response to our question is below:
They always keep our private data open. You, me and anyone else go to hospitals, give them our passports, share our health problems etc. and they don’t even try to protect our data. They have billions of government money. Do they steal that money?
USA president gave big amount to protect government networks and where is their protection? Where is our protection?
If IT department don’t want to do their job we will do ours and we don’t care if it hospital or university.” – Vice Society ransomware.
While some ransomware gangs prohibit attacks on hospitals and medical facilities, unfortunately, a growing number of newer ransomware gangs are not prohibiting these types of attacks.
Outsourced Data Protection Officer – It is mandatory to appoint a Data Protection Officer. We help our clients quickly comply with their PDPA & data protection requirements.
Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.
Smart Contract Audit – Leverage our industry-leading suite of blockchain security analysis tools, combined with hands-on review from our veteran smart contract auditors.