University Medical Center of Southern Nevada allegedly attacked by REvil threat actors

The University Medical Center of Southern Nevada, which proudly proclaims itself the official healthcare provider for the Vegas Golden Knights, has allegedly been the victim of a cyberattack by REvil (Sodinokibi) threat actors. The well-known ransomware operators added the medical center to their dedicated “Happy Blog” dark web leak site yesterday — an addition that generally means that a victim has ignored the threat actors or has refused to pay some demanded ransom.

The listing does not indicate when REvil allegedly attacked the medical center or how much data they claim to have exfiltrated. For now, as proof of access, they dumped a handful of images of driver’s licenses, passports, and social security cards.

There has been no disclosure by the medical center or any statement on their web site or Facebook page. DataBreaches.net sent three email inquiries today to the medical center, asking for a statement confirming or denying the claimed attack, and describing the scope or impact of it if they confirmed it. There has been no reply.

The medical center, which is the only public, non-profit hospital in Clark County and operates the state’s only Level I Trauma Center, provides services to patients in four states within 10,000 square miles. As such, it is critical to the area in the case of any mass casualty event, and any attack encrypting files or systems could potentially be disastrous. Then, too, given that the medical center is the healthcare provider to the Vegas Golden Knights, it is possible that threat actors would try to sell the athletes’ records or any records they could acquire concerning the team.

Hopefully, the medical center was prepared for an attack and either thwarted it quickly or was able to recover fully. But we won’t know until they issue a response to inquiries. This post will be updated if a reply is received, but in the absence of any confirmation, prudence dictates treating it as an unconfirmed claim by the threat actors.

Post corrected to reflect that REvil added the listing to their leak site yesterday, not today.