Written by AJ Vicens
May 13, 2022 | CYBERSCOOP
AvosLocker, a prolific ransomware group that was the subject of a recent joint FBI and U.S. Treasury Department warning, claimed this week that it had hit a Dallas-based nonprofit Catholic health system with more than 600 facilities across four U.S. states, Mexico, Chile and Colombia.
The attack on CHRISTUS Health marks the second health care system AvosLocker targeted in the last two months. Michigan-based McKenzie Health System began notifying customers this week that patients’ personal data had been stolen from the company’s network in a “security incident” that “disrupted” some of its IT systems in March. The company did not identify the attacker, but AvosLocker posted purported McKenzie data to its dark web leak site April 6.
A spokesperson for McKenzie Health System could not be reached for comment.
Katy Kiser, CHRISTUS Health’s director of communications, told CyberScoop Friday that the company’s IT staff learned of “unauthorized access” in one of its regions — which the company refers to as “ministries” — sometime in early May. The company is working with cybersecurity professionals to assess the situation, she said, but so far it appears to be “limited” and said the attack