Seattle cancer center confirms cyberattack after ransomware gang threats

A prominent cancer center based in Seattle is dealing with a cyberattack claimed by a notorious cybercrime gang that currently appears to be extorting the healthcare facility.

On Friday morning, the Hunters International ransomware group listed the Fred Hutchinson Cancer Center on its leak site, claiming to have stolen 533 GB of data. Reports said the group was extorting individual patients as well.

When asked about the listing, a spokesperson for the facility directed Recorded Future News to a statement from December 11 confirming that it notified federal law enforcement agencies following the detection of unauthorized activity on its clinical network.

“All Fred Hutch clinics are open and actively serving patients. The safety, wellbeing, and personal information of our patients and employees is of the utmost importance to Fred Hutch,” the center said.

“Our forensic team is continuing to conduct an assessment of the data accessed and we will provide further updates as we have them.”

The Fred Hutchinson Cancer Center is a nonprofit and the only National Cancer Institute-designated cancer center in Washington. It has eight clinical care centers that provide a variety of services and research.

The organization previously issued a statement on December 1 saying it was forced to “quarantine” servers and take its clinical network offline after discovering the attack in an effort to “contain the impact.”

All of the clinics remained open as the organization investigated the incident. The cancer center pledged to contact anyone affected by the information stolen by the hackers.

Extortion of individual patients

Local news outlet KIRO reported on Thursday of a harrowing situation in which patients of the cancer center received threatening emails from the hackers.

KIRO obtained one of the emails, which said the victim was one of 800,000 people who had sensitive information included in the batch of data stolen from the center. The gang said they would remove the person’s information for $50.

The alleged information includes medical history, lab results, Social Security numbers and more.

“I think it’s disgusting that they’d take advantage of cancer patients of all people, people who are struggling at the worst time of their lives,” one victim told KIRO.

The victim added that she did not blame Fred Hutchinson Cancer Center, noting that the facility helped save her life and that several other hospitals have faced similar attacks.

Sensitive targets

Throughout 2023, ransomware actors have stooped to new lows in an effort to get victims to pay ransoms.

Right at the beginning of the year, the LockBit ransomware gang was forced to apologize after attacking Toronto’s Hospital for Sick Children, Canada's largest pediatric health center.

Another prominent ransomware gang attempted to extort a healthcare network in Pennsylvania by publishing images of breast cancer patients.

Several experts noted that Hunters International — the same gang extorting Fred Hutchinson Cancer Center — has also attempted to threaten a cosmetic surgeon using photos of patients as leverage.

Attacks on healthcare organizations have continued to cause widespread damage throughout 2023, forcing facilities to cancel appointments and leaking millions of victims’ information onto the dark web.

On Thursday, dental insurance giant Delta Dental of California filed breach notification documents in Maine and California saying nearly 7 million patients were affected by a ransomware gang’s attacks on a popular file transfer software this summer.

The information leaked includes names, Social Security numbers, driver’s license numbers or other state identification numbers, passport numbers, financial account information, tax identification numbers, individual health insurance policy numbers, and other health information.