This morning, ransomware gang INC added Menominee Tribal Clinic of Wisconsin to its data leak site. This comes after the Clinic issued a statement on January 15, confirming it had suffered a cyber attack over Christmas. The Clinic had been experiencing system and telephone disruption from December 26.
In its notification, the Menominee Tribal Clinic confirms that its servers were affected in a “cybersecurity attack” and that authorities had been notified. It also said: “At this time, the Clinic is not aware of any evidence that any patient or employee data has been compromised as a result of the attack.”
According to updates on Facebook, some services were restored (except in Neopit Precinct) on January 3 but telephone disruptions continued throughout early January.
The Clinic hasn’t confirmed INC’s claims or whether or not a ransom was demanded and/or paid. Comparitech has contacted it for more information and will update this article if it responds.
Who is INC?
INC first surfaced in July 2023 and, since then, we’ve tracked 75 confirmed and 156 unconfirmed ransomware attacks via this group. Its methods involve spear phishing and exploiting known vulnerabilities in software.
INC targets a range of industries but appears to have a particular focus on healthcare companies (27 of the confirmed attacks are on hospitals and clinics). Some of its most recent victims have included Taylor Regional Hospital and Youth Eastside Services in the US, Alder Hey Children’s NHS Foundation Trust in the UK, and Fundación Arturo López Pérez (FALP) in Chile.
Nearly 4.1 million records have been breached across INC’s confirmed attacks with 3.1 million of these being in the 27 healthcare attacks. A large number stems from its attack on OnePoint Patient Care (OPPC) in August 2024.
So far this year, INC has added 24 victims to its data leak site, 20 of which remain unconfirmed. In today’s upload, it also claimed the recent attack on youth employment service provider, Mission Locale Montpellier.
Ransomware attacks on US hospitals and clinics
During 2024, we noted 132 confirmed attacks on US hospitals and clinics. The data breaches resulting from these attacks affected over 21.8 million records — at least. And the average ransom demanded was just over $1.03 million.
We also tracked 144 unconfirmed attacks throughout 2024 and have seen 13 this year.
Frederick Health in Maryland is the only confirmed ransomware attack this year so far. It took its systems offline on Monday (27) with some ambulances being diverted to other emergency departments. In its last update yesterday, it confirmed the Frederick Health Village Laboratory was closed but that all other Frederick Health Laboratory locations and Frederick Health Medical Group were open but may experience delays.
Unfortunately, like Menominee Tribal Clinic and Frederick Health, downtime as a result of these attacks is all too common. Our recent study found that the average healthcare organization loses 17 days to downtime following a ransomware attack, with each day costing $1.9 million on average.
About Menominee Tribal Clinic
Located in Keshena, Wisconsin, the Menominee Tribal Clinic has over 140 employees and serves around 4,000 people.
