The Everest ransomware group, a Russian-speaking threat actor, has intensified its focus on the U.S. healthcare sector. This group, active since 2020, recently claimed responsibility for attacks on medical care providers in New York and Nevada, stealing sensitive patient and doctor information. Everest’s activities include ransomware operations and selling unauthorized access to other cybercriminals, facilitating further attacks. The group has targeted at least 20 healthcare entities since 2021.
In recent incidents, Everest exfiltrated 450GB of data from Gramercy Surgery Center and also targeted Nevada-based Horizon View Medical Center. The U.S. Department of Health and Human Services and the American Hospital Association have issued warnings, urging healthcare organizations to bolster their defenses. Everest’s use of legitimate cybersecurity tools to breach networks highlights the growing sophistication of these threats.