BlackCat, a "triple-extortion" ransomware group that combines ransomware attacks with threats to leak data and disable websites, attacked EHR vendor NextGen Healthcare, The Washington Post reported Jan. 23.
NextGen said the ransomware group did not obtain any client data. However, BlackCat put a sample of NextGen information on its extortion site.
HHS warned the healthcare sector about the suspected Russian ransomware group in a Jan. 12 brief. The group has connections with Russian ransomware groups Darkside/Black Matter and REvil.
"NextGen Healthcare is aware of this claim and we have been working with leading cybersecurity experts to investigate and remediate," the EHR vendor told the Post. "We immediately contained the threat, secured our network, and have returned to normal operations. Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or exfiltration of client or patient data. The privacy and security of our client and their patient information is of the utmost importance to us."