U.S. Charges LockBit Developer But Ascension Ransomware Attacks Exposes Data Of 5.6 Million Patients

Cyber risk is an ever-growing discipline, as businesses need to stay up-to-date with the latest cyber threats and position themselves ahead of the curve. Yet, recent cybersecurity incidents have put the focus on ransomware attacks, which are growing in volume and severity around the world.

This comes as bad news for various industries managing private and sensitive data, especially telecom and healthcare businesses. While law enforcement has been working on taking down ransomware groups, with the US government making a recent announcement about the same, healthcare businesses are bleeding data due to cybercriminals.

Only recently, a breach at ConnectOnCall, a subsidiary of healthcare software company Phreesia, compromised over 910,000 individuals’ personal and health information. And a few weeks earlier, cybercrime group "Salt Typhoon" hacked into major US-based telecom networks.
Now, another enormous hack has hit Ascension, one of the largest healthcare providers in the U.S. This comes at the same time as US law enforcement charges a developer of LockBit ransomware for making tools that have been used to attack businesses all over the world.

So, what happened with Ascension and what does the US government’s charges mean for ransomware groups?

Let's jump right in!
 

What Happened At Ascension?

 
A ransomware attack by the Black Basta ransomware group targeted Ascension, a U.S. healthcare giant with 140+ hospitals and numerous senior living facilities, in May 2024. The attack led to the exposure of sensitive healthcare data of over 5.6 million patients.

The attackers stole personal information, including patient names, addresses, dates of birth, etc. The compromised medical information included lab tests’ data, procedure codes, payment details, credit card numbers and bank accounts. Moreover, some of the leaked information contained identification documents such as driver’s licenses and passports.

The Ascension breach caused operational chaos, leading to delayed or corrupted lab data. This can have a major consequence for patient care as it can lead to medication mistakes across Ascension’s network of 134,000 associates, 35,000 affiliate providers and 140 hospitals in 19 states.

Ascension told Maine's attorney general about the breach, which was called the third-biggest healthcare-related data theft of 2024. As a result, Ascension has started to notify patients whose data was affected and offered identity security services to lower the cyber risks even more.

Despite another ransomware attack, the US government has taken robust steps to tackle the cyber threat. So, what did the US law enforcement do?
 

Why Are The Charges Against Lockbit’s Developer Significant?

Rostislav Panev, a member of ransomware cybercriminal group Lockbit, was charged by the U.S. Department of Justice. Panev is alleged to have developed and maintained the malware code that allowed LockBit to attack hospitals, businesses and government offices around the world.

According to reports, Panev received more than $230,000 in cryptocurrency for his job and kept up-to-date tools that could turn off antivirus software, spread malware across networks and even print ransom notes on victims' computers.

Panev is said to have been working with LockBit since the group first formed in 2019. Law enforcement officials linked Panev to LockBit after finding login credentials to “multiple versions of the LockBit builder” on his PC. The tool esentially allowed users “to generate custom builds of the LockBit ransomware malware for particular victims.”

Although this is a significant move in taking down LockBit, authorities continue to search for Dmitry Khoroshev, an alleged ringleader of Lockbit. The US government has even offered a $10 million reward for information leading to his capture. Khoroshev allegedly received at least $100 million in cryptocurrency as his 20% share of ransom payments extorted by affiliates who used the Lockbit software.

While this move gives more confidence in law enforcement’s ability to take down ransomware groups, challenges remain. Ransomware groups know that healthcare businesses are simple targets as they handle private patient information that can cause major operational issues and even put lives in danger. Aside from the effects on operations, the financial cost includes ransom payments, cleanup costs, fines from regulators and damage to the company's reputation.

To keep such ransomware attacks from happening repeatedly, businesses must adopt better cybersecurity measures while cybersecurity agencies focus on identifying and dismantling ransomware networks.
 

Conclusion

The latest ransomware attack on Ascension shows that healthcare businesses must prioritize cybersecurity investments to safeguard patient data and ensure uninterrupted services. Plus, international cooperation across law enforcement agencies will be critical to dismantle ransomware networks and bring the perpetrators to justice.

While the US government is still investigating and arresting people linked to Lockbit ransomware, it signals the seriousness in fighting this cyber risk.

Do you think the latest arrest will deter ransomware groups? What changes should healthcare businesses make to ensure higher margins of safety?

Tell us what you think in the comments below!