Therapeutic Health Services over the weekend confirmed it notified 14,164 people of a February 2024 data breach that compromised names, Social Security numbers, health information, dates of birth, and information regarding medical services.
Ransomware group Hunters International claimed responsibility for the attack. On Hunter’s leak site, the group claimed to have stolen 160 GB of data. In addition to the data mentioned above, it further claims to have stolen client passports, addresses, and email addresses
THS, a Washington state chain of opioid addiction and mental health clinics, has not verified Hunters’ claim as of time of writing. We do not yet know whether THS paid a ransom, how much ransom was demanded, or how attackers breached THS’ network. Comparitech contacted THS for comment and will update this article if it responds.
We recommend victims take advantage of the free credit monitoring and identity theft protection offered by THS via CyEx. The deadline for enrollment is 90 days after receipt of the data breach notification letter.
Who is Hunters International?
Hunters International first appeared in October 2023, and is rumored to be a spin-off of an earlier group called Hive. Hunters often extorts victims twice in one attack: it seeks one ransom for decrypting systems and another for deleting stolen data.
Comparitech has logged 28 confirmed attacks by Hunters, affecting 975,166 records since it began operations.
Nine of those attacks were on healthcare companies. Hunters International recently claimed a May 2024 attack on Northeast Rehabilitation Hospital Network.
Hunters claimed responsibility for a large-scale hack on Fred Hutchinson Cancer Center in November 2023, which affected 890,959 records. The group even contacted individual patients and demanded $50 in ransom to delete their data.
We further tracked 117 unconfirmed attacks claimed by Hunters since October 2023, four of which were on healthcare companies.
Ransomware attacks on US healthcare
Hospitals, clinics, and other healthcare-related organizations are frequent targets for ransomware attacks. In addition to data theft, ransomware can disrupt key systems used for payments, appointments, medical records, and more. Hospitals and clinics might be forced to cancel appointments and divert patients elsewhere, or resort to pen and paper until systems are restored.
Comparitech researchers have recorded 40 confirmed ransomware attacks on Us healthcare organizations so far this year, affecting 5,375,477 records. The average ransom was $915,000.
In other healthcare ransomware news today, ransomware gang Daixin claimed responsibility for a cyber attack on Acadian Ambulance. The claim follows a cyber attack on Acadian toward the end of June.
About Therapeutic Health Services
THS is the largest nonprofit provider of medication-assisted treatment for opioid addiction in the Puget Sound, Washington region, according to its website. It serves more than 4,000 people per year recovering from substance abuse and mental health issues.