The Rhysida ransomware group targeted the City of Columbus, Ohio, and Franklin County, Kansas. Despite efforts to prevent encryption, both entities experienced data theft. Rhysida is now auctioning 6.5 TB of stolen data from each.
What happened
In July 2024, Rhysida launched a ransomware attack on Columbus, Ohio. The city's swift action prevented encryption, but Rhysida still managed to steal 6.5 TB of data.
According to a screenshot of Rhysida's listing for the auction of the Columbus data, Rhysida updated its website to auction the stolen data, which includes "databases, internal logins, and passwords of employees, a full dump of servers with emergency services applications of the city," and "access from city video cameras."
Likewise, in May 2024, Franklin County, Kansas, fell victim to a ransomware attack by Rhysida, which stole 6.5 TB of sensitive data.
Despite the Department of Technology trying to stop encryption, Rhysida expect to auction the stolen data for at least 30 Bitcoin (approximately $1.9 million).
Going deeper
In Columbus, the breach was traced back to a malicious website download, while Franklin County's attack compromised protected health information (PHI) from the County Health Department and Adult Detention Center. While these breaches are being investigated, Columbus is offering credit monitoring services to affected employees, while Franklin County is monitoring the dark web for evidence of data publication.
What was said
According to Columbus Mayor Andrew J. Ginther, "The City of Columbus was the victim of a crime committed by an established, sophisticated threat actor operating overseas. I'm grateful for the swift and bold action of our Department of Technology, the FBI, and Homeland Security to protect our IT systems, our residents, and employees."
Furthermore, Franklin County officials have confirmed that the stolen data includes PHI and are committed to improving cybersecurity measures to prevent future incidents.
Why it matters
Rhysida attacks include the ransomware incident at Lurie Children's Hospital in Chicago, where stolen data was sold for $3.4 million, so local governments must improve their security measures and employee training to mitigate the risk of future data breaches.
Read also: 3.8 million patients impacted by healthcare data breaches in June 2024
FAQs
What is a data breach PHI?
A breach occurs when an unauthorized party gains access, uses, or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
How can covered entities protect themselves from ransomware attacks?
Covered entities must use HIPAA compliant platforms, like Paubox, which offer multi-factor authentication, access controls, and a secure cloud service to safeguard protected health information (PHI).
Additionally, regular HIPAA training can help staff avoid clicking on suspicious links or downloading files from untrusted sources, protecting the organization from ransomware attacks.
What should individuals do if their data has been compromised?
If an individual suspects their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
Furthermore, they should use identity theft protection services and credit monitoring to track misused information.
