Christus Health Cyberattack: AvosLocker Confirms Its Involvement

Posted by HIPAA Software on May 19, 2022

Following the investigation of the recent Christus Health cyberattack, the ransomware-as-a-service (RaaS) group AvosLocker claimed responsibility for it. Fortunately, Christus Health’s cybersecurity team stated in the local press that it managed to report the ransomware attack efficiently, so no data theft occurred.

What is Christus Health?

Christus Health is a not-for-profit healthcare system located in Irving, TX. The Christian organization operates more than 600 medical centers, including health facilities, walk-in and public hospitals, health ministries, etc. These institutions are located in Texas, Louisiana, New Mexico, and Arkansas. It also operates medical centers in South America.

About AvosLocker

As mentioned above, AvosLocker is a group of cybercriminals that operates under the RaaS model. It began its activity a year ago and has appeared in numerous alerts. The gang uses double extortion: it first steals and exfiltrates the data, then encrypts it and demands a ransom. If the ransom is not paid, the gang threatens to auction the data off.

Since AvosLocker began operating, the number of cyberattacks has increased considerably. According to the statistical data, the group conducted about 30 cyberattacks in January and 37 in February. Its usual tactic is to exploit unpatched vulnerabilities to gain access to the target’s network. The group also uses compromised RDP and VPN credentials. There is still no information about where the group is based, but it is believed to be located in Russia.

The Federal Alerts about AvosLocker

Two months ago, the Federal Bureau of Investigation (FBI) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) published a joint cybersecurity advisory on identifying AvosLocker ransomware attacks. The alert states that the gang targets critical infrastructure sectors, such as financial services, critical manufacturing, and civil and healthcare services.

AvosLocker ransomware typically encrypts files on the target server and renames them with the “.avos” extension. The gang demands the ransom in Monero, but sometimes accepts Bitcoin with a hefty surcharge. It depends on the affiliate.
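The rename behaviour described above can be turned into a simple detection: alert when one host adds the “.avos” extension to many files within a short window. This is an added example, not code from the article or the federal alert; the pipe-delimited event format, the sample events, and the threshold and window values are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RANSOM_EXT = ".avos"  # extension named in the article

# Constructed sample: time|host|old path|new path (hypothetical export format).
SAMPLE_EVENTS = r"""
2022-05-19T02:14:01|fs01|D:\records\scan_001.pdf|D:\records\scan_001.pdf.avos
2022-05-19T02:14:02|fs01|D:\records\scan_002.pdf|D:\records\scan_002.pdf.AVOS
2022-05-19T02:14:02|fs01|D:\records\notes.docx|D:\records\notes.docx.avos
2022-05-19T02:14:04|fs01|D:\billing\q1.xlsx|D:\billing\q1.xlsx.avos
2022-05-19T02:14:05|fs01|D:\billing\q2.xlsx|D:\billing\q2.xlsx.avos
2022-05-19T09:30:00|ws17|C:\Users\a\draft.txt|C:\Users\a\draft_v2.txt
2022-05-19T09:31:10|ws17|C:\Users\a\test.txt|C:\Users\a\test.avos
""".strip()

def parse_events(text):
    """Yield (timestamp, host, old_path, new_path) from pipe-delimited lines."""
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, host, old, new = parts
        yield datetime.fromisoformat(ts), host, old, new

def detect_rename_bursts(text, threshold=5, window_seconds=60):
    """Return {host: time the threshold was first reached} for hosts with at
    least `threshold` renames onto RANSOM_EXT inside the sliding window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # host -> timestamps of matching renames
    alerts = {}
    for ts, host, old, new in sorted(parse_events(text)):
        # Only count renames that add the extension (case-insensitive).
        gained_ext = (new.lower().endswith(RANSOM_EXT)
                      and not old.lower().endswith(RANSOM_EXT))
        if not gained_ext:
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect_rename_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: burst of {RANSOM_EXT} renames at {when.isoformat()}")
```

A single renamed file, as on the constructed host ws17, stays below the threshold, so an isolated rename does not raise an alert.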

Sometimes victims receive phone calls from AvosLocker threat actors. In some cases, the attackers launch DDoS attacks while the conversation is under way.

How did the Christus Health Cyberattack Start?

Initially, Christus Health detected suspicious unauthorized activity in its network and managed to block the potential threat. The immediate response of the cybersecurity team had a positive effect on the outcome: it reduced the number of affected points and protected the privacy and security of its patients’ health data. The healthcare system is currently investigating the case together with external cybersecurity specialists to determine the scale of the breach.

The Outcome of the Christus Health Cyberattack

AvosLocker posted a sample of the data stolen during the Christus Health cyberattack. It is a set of patients’ protected health information (PHI) that includes names, dates of birth, Social Security numbers, information about illnesses and provided treatments, etc. According to the report, the data belongs to oncology patients. At this point, the scale of the damage is still under investigation.

Other Cases of Cyberattack Conducted by AvosLocker

One of the best-known examples of AvosLocker’s malicious activity in US healthcare is the case of the McKenzie Health System. The group threatened the Michigan-based hospital at the beginning of spring this year. They stole the protected health information (PHI) of more than 25K patients. AvosLocker posted a sample of this sensitive data on its darknet website.

According to the information provided by McKenzie Health System, AvosLocker accessed its computer systems and damaged some of them. As a result, the group removed healthcare data belonging to many patients. As in the Christus Health case, the stolen data contained patients’ PHI, such as names, dates of birth, Social Security numbers, demographic information, medical records, etc. However, the hospital has not confirmed that AvosLocker or any other cybercriminal group is connected to this incident.

Other AvosLocker ransomware attacks include the Moorfields Eye Hospital case. The hospital is located in the United Arab Emirates and is a subsidiary of the British National Health Service’s Moorfields Eye Hospital Foundation Trust. The group confirmed that it was involved in the theft of more than 60GB of private information.
