DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Already in the midst of a crisis, a Houston hospital was attacked by ransomware

Posted on August 30, 2020 by Dissent

It’s been a rough year for the U.S. in terms of COVID-19. And some areas have been hit worse than others. On August 1, CNN tweeted about how rough things were at Houston’s United Memorial Medical Center.

Yesterday was Dr. Joseph Varon’s 134th day leading the coronavirus unit at Houston’s United Memorial Medical Center.

Last week, he signed more death certificates than he has at any point in his career. https://t.co/QA3M6Fghj8 pic.twitter.com/d0RiPGS2j9

— CNN (@CNN) August 1, 2020

Yesterday was Dr. Joseph Varon’s 134th day leading the coronavirus unit at Houston’s United Memorial Medical Center.

Last week, he signed more death certificates than he has at any point in his career. https://t.co/QA3M6Fghj8 pic.twitter.com/d0RiPGS2j9

But that wasn’t the only added stress United Memorial Medical Center (UMMC) was dealing with.  Although details are still sketchy, it appears that the Houston medical center also got hit with ransomware at the end of July.

On or about August 3, Maze Team — who had briefly sworn off attacking medical facilities because of the pandemic, added UMMC to their leak site. The threat actors use the site to name victims who have not paid their ransom demands. They generally dump some of the data that they claim to have hacked, presumably to motivate their victims more to pay up before more data is dumped. Maze Team’s approach has been adopted by a number of other ransomware threat actors or teams, but it is not clear to me that the naming and data dumping actually brings most victims around to paying ransom. There have only been a few cases that this blogger can recall where names were subsequently removed from a site. For the post part, it seems that if victims do not agree to pay, they continue to stand firm, even when the threat actors add their name to a leak site, dump data, attempt to auction it, or otherwise try to sell it.

As is Maze Team’s pattern, they did not indicate how much ransom they were demanding. Nor did they indicate whether this particular attack involved collaboration or partnership with any other ransomware threat group. The fact that the listing was never removed, however, strongly suggests that the center did not pay the ransom demand.

Most of the files Maze posted as proof of the claimed UMMC hack were just general files from the center, but one folder did contain some identifiable patient records. DataBreaches.net was able to confirm that there were real people with those names living in the Houston area.

But if the files Maze posted constitute %5  of what was exfiltrated, then Maze didn’t get many files from the center, it seems.  But what did they get, and how did UMMC respond to the attack? Were any vital systems or servers encrypted? Was patient care impacted at all?  Was the medical center able to restore from backup? Hopefully, the attack had minimal impact. There has been no notice on the center’s site about any service interruptions or delays and no local media coverage to alert residents to any issues, so this may be a very minor incident in terms of the center’s ability to care for patients.

DataBreaches.net reached out to UMMC via email to inquire about the ransomware incident but with everything they have had going on there and their current challenges like dangerously high heat and some impending storms, I won’t even try to guess when a response might be forthcoming. This post will be updated when one is received, though.

Related posts:

  • Maze Team continues its campaign of naming, shaming, and dumping victims’ data while other attackers adopt the same model
  • University of Mississippi Medical Center to pay $2.75M to settle HIPAA charges
  • The Ransomware Superhero of Normal, Illinois
  • University of Mississippi Medical Center and Mississippi State Department of Health notify 1500 research participants that stolen laptop contained their health information
Category: Breach IncidentsHealth DataMalware

Post navigation

← Greenville Technical College claims no personal data affected by ransomware incident; threat actors claim otherwise
Rocky Mount hit by ransomware, investigating and trying to recover →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.