RansomHouse Targets United Urology Group in Major Ransomware Attack

Incident Date: May 23, 2024

Attack Overview

VICTIM: United Urology Group
INDUSTRY: Healthcare Services
LOCATION: USA
ATTACKER: RansomHouse
FIRST REPORTED: May 23, 2024

Company Overview

United Urology Group, a management services organization, is a leading national network of urology specialists operating affiliate practices in Arizona, Colorado, Delaware, Maryland, and Tennessee. With 220 providers across 95 locations, it stands as one of the largest urology networks in the U.S., dedicated to providing high-quality urological care including surgeries, prostate care, and kidney stone treatments.

Details of the Attack

On April 5, 2024, United Urology Group fell victim to a ransomware attack orchestrated by the cybercriminal group RansomHouse. The attack resulted in the exfiltration and encryption of approximately 300GB of sensitive data. The data, critical to patient care and operations, is currently being held for ransom, and its disclosure is pending United Urology Group's response to the ransom demands.

RansomHouse: A Unique Threat

RansomHouse, distinct from traditional ransomware groups, focuses on data exfiltration rather than encryption. They threaten to publicly release stolen data if their demands are not met, leveraging stolen credentials and advanced penetration techniques to access networks. RansomHouse has been linked to other ransomware entities like White Rabbit and Hive, utilizing tools such as PowerShell and Mimikatz to maintain access and evade detection.

Vulnerabilities Exploited

The attack on United Urology Group underscores significant cybersecurity vulnerabilities within healthcare organizations. These vulnerabilities include inadequate network segmentation, weak password policies, and insufficient monitoring of remote access points. RansomHouse likely exploited compromised credentials to infiltrate the network, employing persistence mechanisms to maintain access and exfiltrate data using tools like 7-Zip for obfuscation.

Impact and Response

The breach has serious implications for United Urology Group, both in terms of operational disruption and potential reputational damage. With a reported revenue of $23.8 million and a workforce of 178 employees, the organization must now focus on mitigating the fallout, safeguarding patient data, and addressing the identified security gaps to prevent future attacks.
