BlackBasta Ransomware Targets U.S. Dermatology Partners in Latest Cyber Attack

Incident Date: Jul 15, 2024

Attack Overview
VICTIM
U.S. Dermatology Partners
INDUSTRY
Healthcare Services
LOCATION
USA
ATTACKER
Blackbasta
FIRST REPORTED
July 15, 2024

BlackBasta Ransomware Group Targets U.S. Dermatology Partners in Latest Cyber Attack

Overview of U.S. Dermatology Partners

U.S. Dermatology Partners is one of the largest dermatology practices in the United States, with over 100 locations across eight states, including Arizona, Colorado, Kansas, Maryland, Missouri, Oklahoma, Texas, and Virginia. The practice serves more than 2 million patients annually, offering a comprehensive range of medical, surgical, and cosmetic dermatology services. The organization is known for its patient-first approach and its team of board-certified dermatologists who specialize in areas such as clinical research, psoriasis, and Mohs micrographic surgery.

Details of the Ransomware Attack

The BlackBasta ransomware group has claimed responsibility for a recent cyber attack on U.S. Dermatology Partners. The attackers have not disclosed the specific amount or type of data exfiltrated in this incident. This marks the second time the healthcare provider has been targeted by cybercriminals. Previously, on June 26th, the hacker group BianLian claimed to have exfiltrated 300 GB of sensitive information, including personal data, accounting records, budget and financial data, contract details, non-disclosure agreements (NDAs), and employee profiles.

About BlackBasta Ransomware Group

BlackBasta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is believed to have connections to the defunct Conti threat actor group. BlackBasta targets organizations in the US, Japan, Canada, the United Kingdom, Australia, and New Zealand using a double extortion tactic. They encrypt critical data and threaten to publish sensitive information on their public leak site if the ransom is not paid. The group employs various strategies to gain initial access, including spear-phishing campaigns, insider information, and buying network access.

Potential Vulnerabilities and Penetration Methods

U.S. Dermatology Partners, like many healthcare providers, is a prime target for ransomware groups due to the sensitive nature of the data they handle. The practice's extensive network of over 100 locations and its large patient base make it a lucrative target. BlackBasta could have penetrated the company's systems through spear-phishing campaigns, exploiting vulnerabilities in their network, or using insider information. Once inside, the group likely used tools like QakBot and Mimikatz for lateral movement and credential harvesting, followed by data exfiltration and encryption.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.