Vanderbilt University Medical Center investigates cybersecurity incident

Vanderbilt University Medical Center said it was investigating a cybersecurity incident that led to a database being compromised.

VUMC operates seven hospitals and several healthcare facilities in Nashville, Tennessee, serving more than three million patients each year. The organization is one of the state’s largest employers with 40,000 employees and more than 1,7000 beds in its hospitals.

By Thanksgiving, the hospital system was added to the leak site of the Meow ransomware gang – a relatively new operation that researchers are still examining.

A VUMC spokesperson confirmed that they were experiencing a cyber incident, but did not specify when it occurred, whether it was ransomware or what type of effects they had observed due to the attack.

“Vanderbilt University Medical Center (VUMC) has identified and contained a cybersecurity incident in which a database was compromised and has initiated an investigation into the incident,” they said.

“Preliminary investigation results indicate that the compromised database did not contain any personal or protected patient or employee information.”

VUMC was one of several organizations added to the Meow leak site on Thursday. In March, researchers from cybersecurity company Kaspersky released a decryptor for Meow ransomware, which is based on a version of leaked Conti ransomware code.

The source code for Conti was publicly exposed in March 2022 after dissatisfaction affiliate disputed the group’s support for Russia’s invasion of Ukraine.

At his peak, Conti was one of the most prolific ransomware groups operating, attacking dozens of high-profile targets, including the government of Costa Rica Before turn off in May 2022.

Kaspersky noted that after Conti’s source code was leaked, several different variants were created by various criminal gangs.

A ransomware researcher said BeepComputer Earlier this year, members of the Meow ransomware group posted on a Russian cybercriminal forum that they were “ceasing” their activities and provided a link to all private keys and decryptors. Most of the group’s initial attacks targeted Russian organizations, the outlet reported.

It is unclear whether this current campaign is related to previous Meow ransomware attacks.

Recorded Future ransomware expert Allan Liska said the actors behind this latest Meow campaign may not have actually used ransomware in their attack on the latest victims added to their leak site.

“There don’t appear to be any recent cryptocurrency samples, so this could be an extortion-only group, which is much easier to launch and wouldn’t have required penetrating all of these targets,” did he declare.

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.