Ransomware gang claims cyber attack on Texas Tech University that cancelled classes

Ransomware group Interlock today claimed responsibility for a September 30, 2024 cyber attack on Texas Tech University Health Sciences Center.

TTUHSC cancelled classes across multiple campuses in Amarillo, the Permian Basin, Abilene, Dallas, and El Paso. Texas Tech Physicians, a part of the Health Sciences Center, lost phone lines and online communications through its patient portal. Classes resumed on October 16 but email systems remained down and disruptions now continue nearly a month later.

Interlock claims it stole 3.2 TB of data including patient data, medical research, and SQL databases. The group posted images of allegedly stolen data on its leak site. Texas Tech has not verified Interlock’s claim.

The FAQ on TTUHSC’s website states, “We recently identified information technology issues that resulted in a temporary disruption to our computer systems and applications. Upon learning of the issues, TTUHSC took steps to ensure the security of the TTUHSC network and began an investigation. While our investigation into the issues is ongoing, we confirmed the source of the technology issues is the result of a cybersecurity event.”

We do not yet know what personal data was compromised, how attackers breached TTUHSC’s network, or whether the school did or will pay a ransom. Comparitech contacted TTUHSC for comment and will update this article if it responds.

Who is Interlock?

Interlock is a new ransomware gang that first started adding targets to its leak site in October 2024. Since then, Comparitech researchers have logged three confirmed ransomware attacks claimed by the group, and another three that haven’t been acknowledged by targets.

Interlock’s other confirmed targets include the Wayne County, Michigan local government and Smeg Group, a manufacturer in Italy. Two of its unconfirmed attacks were also healthcare organizations.

Ransomware attacks on US healthcare

Ransomware attacks on healthcare organizations can disrupt day-to-day operations and force hospitals to divert patients and cancel appointments. Ransomware can cripple systems used for prescriptions, billing, payroll, and appointment booking. Many ransomware groups also steal data in the process to extort hospitals for even more money.

In 2024 so far, we’ve tracked 77 ransomware attacks on US healthcare companies, affecting 12.5 million records. If we include companies that operate in the healthcare sector but don’t provide direct care to patients (e.g. medical billing and pharmaceutical companies), these figures rise to 91 attacks affecting 114.8 million records.

Other recently confirmed ransomware attacks on US healthcare targets include:

• OnePoint Patient Care (OPPC) – Inc claimed an August 2024 breach that compromised 796,000 records.
• Gandara Mental Health Center – Rhysida claimed a June 2024 breach that compromised 17,500 patients
• Carolina Arthritis Center – ThreeAM claimed an October 2024 breach

Comparitech recorded another 169 ransomware attacks on Us healthcare companies this year that were claimed by ransomware gangs but not acknowledged by victims.

About Texas Tech University Health Sciences Center

TTUHSC is both a university and hospital system that conducts biomedical and clinical research. It claims to graduate the most healthcare professionals in Texas–28,000, according to its website. It has campuses in Amarillo, Lubbock, Abilene, Midland, Odessa, and Dallas.