Ransomware gang says it hacked Pensacola, FL medical clinics

Ransowmare gang RansomHub yesterday claimed responsibility for a Christmas Eve cyber attack on Community Health Northwest Florida. RansomHub claims to have stolen 68 GB of data and gave CHNWF one week to pay an undisclosed amount in ransom.

CHNWF first announced it was the target of a cyber attack on December 24, 2024. The attack disrupted phones, internet, and servers, which prevented patients from making appointments and filling prescriptions. On January 12, CHNWF announced systems were restored.

CHNWF has not verified RansomHub’s claim. If true, RansomHub could sell or publicly release the stolen data unless CHNWF pays the ransom. That could put patients and staff at greater risk of fraud and identity theft.

We do not know what the allegedly stolen data contains, or how attackers breached CHNWF’s network. Comparitech contacted CHNWF for comment and will update this article if it replies.

Who is RansomHub?

RansomHub runs on a ransomware-as-a-service model in which affiliates pay to use the group’s malware and infrastructure to launch their own attacks and collect ransoms. RansomHub is behind high-profile attacks on Rite Aid, Christie’s auction house, Frontier Communications, and the Florida Department of Health. It first started posting organizations it hacked to its leak site in February 2024.

RansomHub claimed 93 confirmed ransomware attacks since it began, compromising 5.5 million records

The group recently claimed responsibility for attacks on BayMark Health Services, the country’s largest chain of opioid addiction treatment services, and HCF Management (PDF), which runs care homes in Pennsylvania and Ohio.

RansomHub claimed another 461 attacks that haven’t been acknowledged by targets, 21 of which were claimed this year.

Ransomware attacks on US healthcare

Ransomware attacks on US hospitals, clinics, and other care providers can both steal data and lock down systems until a ransom is paid for a key to unlock them. Care providers might have to cancel appointments and divert patients until systems are restored, which can have life-threatening consequences. Doctors might be unable to communicate with patients, write prescriptions, or access medical records.

Comparitech logged 128 confirmed ransomware attacks on US hospitals, clinics, and other direct care providers in 2024, compromising 21.7 million records. The average ransom was more than $1 million.

In December 2024, we confirmed ransomware attacks on PIH Health, PrimaryPlus, Taylor Regional Hospital, and Khalil Center.

About Community Health Northwest Florida

Founded in 1992, Community Health Northwest Florida operates 19 locations in and around Pensacola, Florida. They include clinics, schools, pharmacies, dentists, and optometrists. It employs 377 people and serves 58,820 patients per year, according to its website.