pruitthealth ransomware

Southeast US medical provider PruittHealth over the weekend notified 5,217 people about a November 2023 data breach that compromised Social Security numbers, financial data, and health information.

Ransomware group NoEscape claimed responsibility for the attack at the time. It posted a sample of allegedly stolen documents on its website and says it stole 1.5 TB of data in total. PruittHealth has not confirmed NoEscape’s claim.

PruittHealth’s notification states, “On December 7, 2023, the hackers claimed to have published the files that they allegedly copied on their blog site. However, before PruittHealth’s forensic specialists could access the files the hackers claim to have published, the hackers blog site was taken down and any files that they claimed to have published were no longer accessible. As a result, PruittHealth is not able to confirm whether your information is exposed.”

The compromised data includes names, dates of birth, government ID numbers, demographic info, contact info, addresses, financial information, Social Security numbers, bank account numbers, health insurance information, and health information. The notification specifically cites HIPAA, which implies private medical records were compromised.

The post on NoEscape’s leak site, published November 17, 2023, reads, “The company’s management is well aware of this incident but continues to remain silent for the 5th day […] If you guys continue to remain silent and do not contact us, we promise to start launching new attacks and eventually we will publish all 1.5TB of data here.”

We do not yet know whether PruittHealth paid the ransom, how much it was, how attackers breached its network, or why it took so long to notify victims. Comparitech contacted PruittHealth for comment and will update this article if it responds.

Comparitech recommends PruittHealth patients and employees monitor their credit reports, bank statements, and medical bills for suspicious activity. The notification does not state whether PruittHealth will offer victims free identity theft protection or credit monitoring, a common practice for breaches of this severity. Instead, it advises victims to set up their own fraud alerts and credit freezes, and report identity theft to the FTC.

Who is NoEscape?

NoEscape is a ransomware gang that first emerged in May 2023. It operates a ransomware-as-a-service business model in which clients pay NoEscape a portion of proceeds to use the malware and get support. It also employs DDoS attacks to disrupt target operations and coerce victims into paying ransoms.

Comparitech has recorded 28 confirmed ransomware attacks by NoEscape since it surfaced. Its other recent victims include Southeastern Orthopaedic Specialists, Kwik Inudstries, and OE Federal Credit Union.

Its targets mostly span North America and Europe, and notably not Russia or other former Soviet Union countries that are now part of the Commonwealth of Independent States (CIS). Targeted industries include professional services, manufacturing, healthcare, construction, and education.

NoEscape often extorts victims twice: once for a decryption key to restore systems, and again in exchange for not selling or publicly releasing stolen data.

Ransomware attacks on US healthcare

Hospitals, clinics, and other healthcare-related organizations are frequent targets for ransomware attacks. Ransomware can disrupt key systems used for payment, making appointments, storing patient information, and more. Hospitals and clinics might be forced to cancel appointments and divert patients elsewhere, or resort to pen and paper until systems are restored.

Since 2018, we’ve recorded 538 confirmed attacks on US healthcare organizations, affecting almost 69 million records. 20 of those attacks were reported in 2024.

Other recent ransomware attacks against US healthcare organizations include the Victoria Eye and Surgery Centers, Singing River Health System, and BAMSI.

About PruittHealth

PruittHealth is a long-term healthcare provider with more than 180 locations in Georgia, Florida, North Carolina, and South Carolina. It specializes in senior living, in-home healthcare, pose-acute care, hospice care, and skilled nursing care. It’s been in business for more than 50 years. PruittHealth employs more than 13,000 staff and serves 24,000 patients every day.