Rhysida Ransomware Trains Its Sights on Healthcare Operations

The new group has already made an impact in multiple countries and industries, including a multistate hospital chain in the US.

Government agencies and cybersecurity firms are on being more vigilant after the US Department of Health and Human Services (HHS) detailed an alert with an overview of Rhysida ransomware.
Rhysida is a ransomware-as-a-service (RaaS) group that is still in its early stages of development, first emerging in May.
According to the alert
, the group drops the ransomware through phishing attacks and Cobalt Strike to breach targets networks and deploy their payloads. It then exploits its victims by calling for a ransom, threatening to publicly distribute the stolen data if the group is not paid. PDF notes are left on the folders that have been affected in the network, with instructions on how to contact the group and make Bitcoin payment.
The victims of the group span various countries in Western Europe, both North and South America, and Australia. Rhysida targets education, government, manufacturing, and technology and managed service sectors, and it has expanded into the
healthcare sector
in its
most recent expansion
.
The group was responsible for a recent cyberattack against Prospect Medical Holdings, leading to a system-wide outage that affected
16 hospitals
in California, Connecticut, Pennsylvania, and Rhode Island, as well as over 160 clinics in the US. In addition to this, a healthcare operation in Australia was listed on Rhysidas Dark Web site, given a week to pay the ransom before its stolen data was leaked to the public.
Its not surprising that Rhysida is targeting the healthcare sector, which holds valuable patient data and faces pressure to pay and restore lifesaving services quickly, wrote Jess Parnell, VP of security operations at Centripetal, in an emailed statement. In order to protect against ransomware attacks, healthcare operators should implement the basics of good cyber defense — adopt least-privileged access to sensitive information, train employees to identify phishing and other social engineering attacks, and keep all software patches up to date.
HHS recommends that healthcare organizations recognize the threat of these cybergroups,
educate and train their staff
, assess enterprise risk against potential vulnerabilities, and
develop a cybersecurity roadmap.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Rhysida Ransomware Trains Its Sights on Healthcare Operations