OakBend Medical Center Hit with Ransomware; Attackers Claim to Have Stolen Personal Data of a Millions US Citizens

OakBend Medical Center has announced it’s been hit by major ransomware cyberattack that forced the center to rebuild its entire IT infrastructure, and it’s still in the process of fully coming back online.

Medical facilities are often in the attackers’ crosshairs because they deal with a lot of personal information and because criminals can create real emergencies to use in their blackmail. Since most ransomware attacks these days are preceded by data exfiltration from the victim’s infrastructure, problems can be all the more severe.

In the OakBend Medical Center situation, the attackers hit on Sept. 1. They deployed ransomware, and the IT team immediately took all systems offline and placed everything in lockdown mode. The medical center underlined the fact that at no time was patient safety in jeopardy.

“The OakBend Medical Center ransomware issue was immediately turned over to a team consisting of the FBI, CYD, and the Ft. Bend County Government Cyberteam to investigate all issues,” said the hospital in a message on its website. “OakBend's IT team and CFO secured all patient-centric systems.”

Nine days after the attack, the hospital was still having issues with some of their systems, and staff was working on getting everything up and running.

“We continue to bring our clinical systems back online in a controlled, systematic environment. We are still having telephone and email issues,” the OakBend Medical Center explained.

While the hospital didn’t identify the attackers, a group named Daixin Team contacted DataBreaches and claimed responsibility. They also claim to have extracted 3.5GB of patient data and offered a few samples to prove they’re responsible for the attack. The group claimed responsibility for a few other ransomware attacks this summer.