Summit Health network hit by possible ransom attack


Summit Health, a northeast healthcare network of thousands of medical providers, has allegedly been breached in an attack by the LockBit ransomware gang.

Summit Health consists of more than 370 locations throughout the New York, New Jersey, Pennsylvania, and Connecticut region, plus nine other medical clinics located in Central Oregon.

Besides the thousands of patients seen through its urgent care, specialty and primary offices, the Summit network includes more than 2,800 medical providers.

The company has around 13,000 employees whose data could be at risk.

The LockBit ransomware gang posted the healthcare conglomerate on its dark leak site Wednesday afternoon.

[Image: LockBit leak site]

According to LockBit, Summit Health has until November 8th to make contact and begin negotiations.

Otherwise, the Russian-linked ransomware gang says it will publish all available data.

LockBit did not disclose how much data or the categories of sensitive information it may have exfiltrated from the healthcare entity.

Cybernews has reached out to Summit and is awaiting a response.

[Image: LockBit leak site]

The healthcare conglomerate also runs its own charitable organization, Summit Health Cares, which provides free health screenings and education to underserved communities across New York, New Jersey, and Oregon.

Part of its mission includes supporting cancer patients and their families by offering resources and personalized navigation services, according to the company.

Summit’s various websites all seemed to be up and running at the time of this report.

The company is a subsidiary of the nationwide primary care platform provider Village MD.

Besides Summit Health, Village MD also owns the NY/NJ urgent care network CityMD, the in-home primary care network Village Medical, and Village Medical at Home, with locations in about a dozen US states.

LockBit tied to Russia

The LockBit group first appeared on the ransomware scene sometime in late 2019, according to industry insiders. Since then, the gang has climbed to the top of the food chain, topping many lists in terms of victimized organizations.

Last week, the group claimed The Boeing Company as its latest victim, claiming to have exfiltrated a treasure trove of sensitive files from the global aviation and space technology company.

LockBit had given Boeing only six days to respond to its claim, unlike its normal grace period of about ten days for its victims.

On October 31st, Boeing was removed from the group’s dark leak site, leading to industry speculation that the military defense contractor has begun some sort of negotiations with the threat actors.

LockBit is said to have executed over 1,400 attacks against victims in the US and around the world, including Asia, Europe, and Africa.

The gang’s notorious ransomware variant LockBit 3.0 – also known as LockBit Black – is the third iteration and is considered more evasive than any previous strain, a US Department of Justice report said.

The variant also happens to share similarities with two other Russian-linked ransomware strains, BlackMatter and BlackCat (ALPHV), the DOJ said.