The Rhysida ransomware gang has claimed accountability for the large cyberattack on Prospect Medical Holdings, claiming to have stolen 500,000 social safety numbers, company paperwork, and affected person data.

The assault is believed to have occurred on August third, with workers discovering ransom notes on their screens stating that their community was hacked and gadgets encrypted.

Prospect Medical Holdings (PMH) is a US healthcare firm working 16 hospitals in California, Connecticut, Pennsylvania, and Rhode Island and a community of 166 outpatient clinics and facilities.

The cyberattack triggered the hospitals to close down their IT networks to forestall the assault’s unfold, forcing hospitals again to utilizing paper charts.

Whereas PMH didn’t reply to queries in regards to the safety incident, BleepingComputer later discovered that the Rhysida ransomware gang was behind the assault.

Since then, PMH hospital networks, resembling CharterCare, now state that techniques are up and working once more however are nonetheless restoring affected person data.

“Work to enter paper affected person data utilized by our caregivers whereas our techniques have been down into our digital medical file (EMR) system is ongoing,” reads a discover on CharterCare.org.

Nonetheless, BleepingComputer was advised there had been no communication to workers about whether or not their information was stolen within the assault.

Rhysida claims assault

Rhysida is a ransomware operation that launched in Could 2023 and rapidly rose to notoriety after attacking the Chilean Military (Ejército de Chile) and leaking its information.

Earlier this month, the US Division of Well being and Human Companies (HHS) warned that the Rhysida gang was behind latest assaults on healthcare organizations.

Now, the Rhysida ransomware gang has claimed the assault on Prospect Medical Holdings, threatening to promote the corporate’s allegedly stolen information for 50 Bitcoins (value $1.3 million).

The risk actors declare that they stole 1 TB of paperwork and a 1.3 TB SQL database containing 500,000 social safety numbers, passports, driver’s licenses, company paperwork, and affected person’s medical data.

“They kindly supplied: greater than 500000 SSN, passports of their purchasers and workers, driver’s licenses, affected person information (profile, medical historical past), monetary and authorized paperwork!!!,” reads the Rhysida information leak website.

The gang’s information leak website additionally shared quite a few screenshots of driver’s licenses, social safety playing cards, paperwork, and what seems to be sufferers’ medical data.

Some screenshots confirmed leaked paperwork containing letterhead for Jap Connecticut Well being Community, certainly one of PMH’s hospital networks.

BleepingComputer has contacted PMH with questions in regards to the leaked information however has not obtained a response at the moment.