numotion ransomware black basta

Numotion, a US manufacturer of wheelchairs and other mobility solutions, yesterday notified 4,190 people of a data breach that compromised names, Social Security numbers, dates of birth, and employment information.

Ransomware group Black Basta claimed the attack, which took place from February 29 to march 2, 2024.

Numotion’s pdf notification states:

“The forensic investigation determined that an unknown, unauthorized third party accessed our computer systems between February 29, 2024, and March 2, 2024, and encrypted some of our computer files. The investigation also determined that the third party may have accessed and acquired certain files from our systems during this period.”

We do not know how much the ransom was or whether Numotion paid it. Numotion hasn’t stated if any of the compromised data belonged to customers, nor how attackers managed to break in.

Comparitech contacted Numotion for additional comment and will update this article if it responds.

We recommend victims take advantage of the credit and identity monitoring offered by Numotion through Experian. Keep an eye on your credit reports, tax returns, and bank statements for suspicious activity. Never click on links or attachments in unsolicited emails and other messages.

Who is Black Basta?

Black Basta, not to be confused with Blackcat, is a ransomware gang that first surfaced in early 2022. It operates a ransomware-as-a-service business wherein third-party clients can pay Black Basta to use its ransomware in their own attacks.

Black Basta’s attacks are highly targeted and often extort victims twice: once for a key to decrypt affected systems, and then again in exchange for not selling or publicly releasing stolen data.

According to our data, Black Basta has been confirmed as the culprit behind 106 attacks, including 11 so far this year.

About Numotion

Numotion says it is America’s biggest provider of products and services to help people with mobility limitations. It’s mainly known for making wheelchairs, but also offers a few other healthcare-related products and services. Numotion is headquartered in Hazelwood, Missouri and has 154 offices across the US. Third parties estimate it has about 3,000 employees.

Ransomware attacks on US healthcare

We’ve tracked 626 ransomware attacks against US hospitals, clinics, and other healthcare-based organizations since 2018. We recorded 13 attacks so far in 2024, and 151 in the whole of 2023. The average ransom is $1.8 million, and an attack affects 215,824 records on average.

Ransomware attacks, in general, are destructive, but the impacts on healthcare organizations are arguably some of the most catastrophic. They cripple key systems and prevent hospitals from accessing crucial patient data until a fee is paid to the hacker. Even if the victim has backups in place and refuses to pay a ransom, the costs of downtime and recovery often outweigh the ransom demand.