Cyber Incident Victim: Barlow Respiratory Hospital
Date: Aug 2021
Location: United States of America
Summary
A ransomware attack targeted Barlow Respiratory Hospital in California, attributed to the Vice Society group known for exploiting vulnerabilities like Windows PrintNightmare. The incident involved unauthorized data exfiltration from backup systems, with stolen information later published on a dark web leak site. While hospital operations continued uninterrupted and no patients faced harm, the breach prompted immediate law enforcement notification and an ongoing investigation assisted by a cybersecurity firm. The attack drew significant public condemnation due to the facility's critical role during the COVID-19 pandemic, highlighting broader trends of ransomware groups increasingly targeting healthcare organizations for sensitive data.
Description
On August 27, 2021, Barlow Respiratory Hospital in California experienced a ransomware attack impacting some of its IT systems. The Vice Society ransomware group, active since June 2021, claimed responsibility for the incident and later published stolen hospital data on its dark web leak site. The hospital detected the intrusion promptly and immediately notified law enforcement agencies. While ransomware disrupted certain IT systems, Barlow Respiratory Hospital maintained uninterrupted operations and confirmed no patients faced harm during the incident. The attackers exfiltrated data from specific backup systems without authorization, though the hospital emphasized its prior implementation of extensive privacy protection measures.

Barlow Respiratory Hospital publicly disclosed the unauthorized data publication following Vice Society’s dark web posting, which occurred weeks after the initial attack. The hospital initiated an ongoing investigation to determine the scope of compromised information, collaborating with law enforcement and engaging a cybersecurity firm for forensic support. The incident generated significant public criticism due to the hospital’s role in COVID-19 patient care during the Delta variant surge. Vice Society’s attack mirrored its established pattern of exploiting vulnerabilities like Windows PrintNightmare and targeting healthcare entities, including Eskenazi Health and Waikato DHB. No ransom payment details or specific patient data categories were disclosed by the hospital, which continued assessing potential information exposure while maintaining normal clinical operations throughout the response period.
