Rural Health Services, Inc., a federally qualified private nonprofit health center (FQHC) headquartered in Aiken, South Carolina, has recently fallen victim to a ransomware attack orchestrated by the notorious Medusa cybercriminal group. The organization, which operates multiple facilities—including the Clyburn Center for Primary Care, the Margaret J. Weston Community Health Center, Family Health Care, and the Women & Children’s Health Center—has suffered significant damage, with a substantial amount of sensitive data belonging to both patients and employees now at risk.
Medusa, known for executing highly sophisticated and targeted attacks against healthcare entities and critical infrastructure, compromised the systems of Rural Health Services, Inc. in the final days of January. The group proceeded to encrypt a vast amount of sensitive data stored on the organization’s servers and demanded a ransom payment of $200,000 in Bitcoin. They have threatened to publish the exfiltrated data should the payment not be made within the stipulated deadline.
The attack has resulted in the theft of a wide range of highly sensitive and confidential information. The compromised data includes PHI (Protected Health Information) and PII (Personally Identifiable Information). Based on the file structure reviewed, it is estimated that over 22,000 documents are currently in the hands of the cybercriminals, including:
- Full names of employees and patients
- Dates of birth
- Gender
- Addresses
- Phone numbers
- Employee payroll data
- Passports
- Driver’s licenses
- National Provider Identifier (NPI)
- Social Security Numbers (SSNs)
- Medical records
- Laboratory test results
- Administrative documents
- Health insurance information, and more
As an example, we are publishing two redacted documents exfiltrated from Rural Health Services, Inc.’s servers, which remain in the possession of the Medusa group.
Screenshot and redaction by SuspectFile.com
The compromise of such data exposes the affected individuals to serious risks, including identity theft and potential financial fraud, while also posing a significant threat to the reputation and overall security of Rural Health Services, Inc.
The Medusa ransomware group has set a ransom payment deadline of February 13, warning that failure to comply will result in the public release of the stolen data. This strategy is characteristic of cyber extortion operations, where the threat of exposing exfiltrated data is used as leverage to increase pressure on the targeted entity.
The attack highlights the growing vulnerability of healthcare organizations to cyber threats, particularly given the sensitive nature of the data they handle. The public disclosure of confidential medical and personal information could cause incalculable damage, with devastating consequences for patients and employees while severely undermining public trust.
With the ransom payment deadline rapidly approaching, the situation for Rural Health Services, Inc. remains critical. Ransomware attacks against healthcare facilities not only jeopardize the security of sensitive data but also disrupt the delivery of essential services to the community. This cyberattack serves as a stark reminder of the urgent need for advanced and proactive cybersecurity measures in the healthcare sector.
As of now, it remains unclear how Rural Health Services, Inc. will respond to the attackers’ demands. However, the incident underscores the severe implications of cybercrime within the global healthcare landscape, where data security must be treated as an absolute priority to safeguard both individuals and organizations.