Axis Health System breach claimed by Rhysida ransomware gang – $1.5M demanded

Yesterday, the Rhysida ransomware gang posted Axis Health System to its data leak site, demanding a 25 BTC ransom (around $1.5 million USD at the time of writing) and giving the company seven days to pay up.

Southwest Colorado Mental Health Center, Inc. d/b/a Axis Health System started issuing data breach notification letters at the end of September. In these, it described how it detected ‘irregular activity’ within its computer systems on August 26, 2024. Its subsequent investigation revealed that “between July 9, 2024 and September 4, 2024 an unknown, unauthorized actor gained access to certain computer systems and potentially accessed and/or acquired files stored on those computer systems.”

The company’s website still displays a message about the cyber incident with patients being notified that the primary care patient portal is still offline.

We do not yet know exactly what data was affected or how many people are impacted. Axis Health System hasn’t confirmed Rhysida’s claims and whether or not a ransom was demanded and/or paid. Comparitech has contacted the company for more information and will update this article if it responds.

Who is Rhysida?

Rhysida is thought to have ties to the ransomware group Vice Society and first originated in May 2023. Since then, we have logged 57 confirmed attacks via this group. These attacks have affected nearly 3.5 million records and the average ransom has been nearly $1.3 million.

Recent attacks have included the City of Columbus, Sumter County Sheriff’s Office, Bayhealth Medical Center, the Port of Seattle/Seattle-Tacoma International Airport, and Maryville Academy. In August 2023, it was responsible for two large attacks on the US healthcare sector–Prospect Medical Holdings, Inc. (affecting 1.3 million records) and Singing River Health System (affecting 895,000 records). It was also responsible for the attack on Ann & Robert H. Lurie Children’s Hospital of Chicago in January of this year which affected over 790,000 records. 

So far this year we’ve tracked 16 confirmed attacks via Rhysida and 52 unconfirmed attacks.

Ransomware attacks on US healthcare companies

Throughout 2024, we’ve noted 69 attacks on US healthcare companies. These have impacted over 7 million records in total and have seen an average ransom of $813,000.

Last month, Great Plains Regional Medical Center and UMC Health System both suffered crippling attacks on their systems. The threat actors involved remain unknown. 

California-based Omni Family Health has also started issuing data breach notifications this week following an attack in August 2024. This was claimed by Hunters International ransomware gang.

We have also logged 129 unconfirmed attacks on US healthcare companies this year so far.

About Axis Health System

Based in Durango, Colorado, Axis Health System is a private, nonprofit organization providing primary, behavioral, and oral healthcare. It was established in 1960.