The Richmond Behavioral Health Authority, a public agency providing essential mental health and crisis services to the city of Richmond, fell victim to a ransomware attack on September 29. The intrusion resulted in the encryption of several segments of the organization’s network. Officials discovered the breach the following day and took immediate action to remove the unauthorized actors from the system.
During the investigation, the agency determined that the attackers potentially gained access to a wide range of sensitive personal data. This information includes names, Social Security numbers, passport numbers, financial account details, and private health information. In a formal notice to the public, the provider stated that they were alerting those involved out of an abundance of caution, despite the lack of definitive proof that individual files were viewed.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
According to filings submitted to the US Department of Health and Human Services, a total of 113,232 people were impacted by the security incident. The agency has reached out to these individuals, advising them to remain vigilant against potential identity theft and fraud. Impacted parties are encouraged to monitor their credit reports and financial statements closely for any signs of suspicious activity.
While the provider did not officially identify the group behind the cyberattack, the Qilin ransomware gang claimed responsibility in mid-October. The group listed the healthcare organization on its leak site shortly after the incident occurred. This development suggests a targeted effort by the group to extort the agency or monetize the stolen information.
Following their initial claims, the Qilin group reportedly published approximately 192 gigabytes of data consisting of over 393,000 files allegedly taken from the network. This massive leak highlights the significant scope of the breach and the ongoing risks faced by public health organizations. The agency continues to manage the fallout as they work to secure their infrastructure against future threats.
Source: 113,000 People Impacted By Data Breach At Virginia Mental Health Authority