
Texas hospital becomes victim of Dharma ransomware

The Altus Baytown Hospital has revealed a ransomware outbreak which may have led to the leak of patient data. The “unauthorized party” deployed malicious code and infected the hospital’s systems with a strain of ransomware. To reduce the risk of ransomware infection, a solution that implements a data backup plan is highly recommended.

SkyFlok uses technology that safely backs up your data in the Cloud. It also protects you from advanced ransomware that tries to delete or overwrite your files in the Cloud. SkyFlok keeps every previous version of your files so overwrite attempts are neutralized. With our 30-day Recycle Bin period, your files cannot be deleted immediately either on purpose by a computer virus or accidentally by your colleagues.
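The versioning and recycle-bin behaviour described above, as an added illustration rather than SkyFlok's own code (which this page does not publish): a minimal in-memory store in which every write appends a new version, a delete only marks the file for a retention period, and recovery picks the last version written before the incident. The class, its method names, the 30-day default and the patient records are all constructed for the example.

```python
"""Versioned backup with a time-limited recycle bin (illustrative, not SkyFlok code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Version:
    written_at: datetime
    data: bytes


@dataclass
class Entry:
    versions: List[Version] = field(default_factory=list)
    deleted_at: Optional[datetime] = None  # set while the file sits in the recycle bin


class VersionedStore:
    """Every write appends a version; a delete never discards data immediately."""

    def __init__(self, recycle_days: int = 30):
        self.recycle = timedelta(days=recycle_days)
        self.files: Dict[str, Entry] = {}

    def put(self, path: str, data: bytes, now: datetime) -> None:
        entry = self.files.setdefault(path, Entry())
        entry.deleted_at = None  # a new write revives a binned file
        entry.versions.append(Version(now, data))  # overwrite keeps the old version

    def delete(self, path: str, now: datetime) -> None:
        if path in self.files:
            self.files[path].deleted_at = now  # soft delete only

    def latest(self, path: str) -> Optional[bytes]:
        entry = self.files.get(path)
        if entry is None or entry.deleted_at is not None:
            return None
        return entry.versions[-1].data

    def version_before(self, path: str, cutoff: datetime) -> Optional[bytes]:
        """Last version written strictly before cutoff, i.e. the recovery point."""
        entry = self.files.get(path)
        if entry is None:
            return None
        older = [v for v in entry.versions if v.written_at < cutoff]
        return older[-1].data if older else None

    def restore(self, path: str, cutoff: datetime, now: datetime) -> bool:
        data = self.version_before(path, cutoff)
        if data is None:
            return False
        self.put(path, data, now)  # restore is itself just another version
        return True

    def purge(self, now: datetime) -> List[str]:
        """Permanently drop only files whose recycle-bin period has expired."""
        expired = [p for p, e in self.files.items()
                   if e.deleted_at is not None and now - e.deleted_at >= self.recycle]
        for p in expired:
            del self.files[p]
        return expired


def simulate_incident() -> dict:
    """Constructed scenario: overwrite plus delete, followed by point-in-time recovery."""
    store = VersionedStore(recycle_days=30)
    t0 = datetime(2018, 9, 1, 8, 0)
    store.put("patients/1001.txt", b"Jane Doe, DOB 1970-01-01", t0)   # constructed record
    store.put("patients/1002.txt", b"John Roe, DOB 1980-02-02", t0)   # constructed record
    store.put("notes/old.txt", b"scratch notes", t0)

    t_attack = datetime(2018, 9, 3, 2, 0)
    # An encrypting process overwrites contents, then deletes files; the
    # store keeps the pre-attack versions and only bins the deleted ones.
    store.put("patients/1001.txt", b"\x00opaque-ciphertext\x00", t_attack)
    store.put("patients/1002.txt", b"\x00opaque-ciphertext\x00", t_attack)
    store.delete("patients/1002.txt", t_attack + timedelta(minutes=5))
    store.delete("notes/old.txt", t_attack + timedelta(minutes=5))

    # Recovery: roll the patient files back to the last version before the attack.
    t_recover = datetime(2018, 9, 4, 9, 0)
    restored = [store.restore(p, t_attack, t_recover)
                for p in ("patients/1001.txt", "patients/1002.txt")]

    # The never-restored file is still recoverable inside the retention window
    # and is only dropped once the 30 days have passed.
    purged_early = store.purge(t_attack + timedelta(days=10))
    recoverable_day10 = store.version_before("notes/old.txt", t_attack)
    purged_late = store.purge(t_attack + timedelta(days=31))

    return {
        "restored": all(restored),
        "file_1001": store.latest("patients/1001.txt"),
        "file_1002": store.latest("patients/1002.txt"),
        "purged_early": purged_early,
        "recoverable_day10": recoverable_day10,
        "purged_late": purged_late,
    }


if __name__ == "__main__":
    print(simulate_incident())
```

The recovery point is chosen by timestamp rather than by "latest version", which is the property that matters: once an overwrite has landed, the newest version is the damaged one, so a restore has to address versions by the time they were written.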

In a statement on its website, the Texas-based hospital said that ABH discovered an unauthorized threat actor rifling through the organization’s systems on roughly September 3.


The ransomware at fault for the infection is known as Dharma. As with most strains, the malware was able to encrypt files and then demanded a ransom payment in return for access.

Many of the hospital’s records were encrypted due to the attack, and these included files containing patient information such as names, home addresses, dates of birth, social security numbers, driver license numbers, credit card information, phone numbers, and medical data.

It would be unusual for ransomware to encrypt and then exfiltrate information should the malware’s purpose be simply to secure a blackmail payment. However, as the threat actor was present on ABH servers and details are thin on the ground, it is possible this data has made its way into the wrong hands.

ABH has not revealed how many patients may be affected.

“As a result of our investigation, ABH believes that the records were simply encrypted and there is currently no indication that the information itself has otherwise been accessed or used by any unauthorized individual,” the organization says.

In addition to the hospital itself, affiliate parties including Altus Women’s Center of Baytown, Oprex Surgery (Baytown), Clarus Imaging (Baytown), LP, Clarus Imaging (Beaumont), Zerenity Baytown, and Altus Radiation Oncology Baytown are involved in the incident as information from these entities was stored on the same systems.

After the ransomware executed, the hospital chose not to pay the ransom; instead, ABH hauled in external cybersecurity help which was able to decrypt backup files and restore ABH’s servers.

Dharma was then eradicated from the compromised systems.

“We have been working with our IT consultants to review and analyze the security of our computer systems, and we have updated certain technical, administrative and physical safeguards to ensure the security and confidentiality of your data in the future,” ABH added.

The patients potentially impacted by the security incident have been informed, and as with all cases of data compromise, those involved should keep an eye on their credit reports and watch for any suspicious activity or transactions which may be fraudulent.

Dharma, also known as CrySIS, has been making the rounds over the course of this year. According to security researchers from FortiGuard Labs, the malware strain has been used in recent attacks against a brewery and maritime ports. New loaders and file systems have been found in recent, upgraded variants.


Daniel Lucani

PhD at MIT. Author of 8 patents and applications on network coding. Tech expert 12+ years experience.