Cybersecurity Alert: Ongoing Threats Following Ransomware Attack on Tri-City Medical Center

Home » Cybersecurity Alert: Ongoing Threats Following Ransomware Attack on Tri-City Medical Center
Cybersecurity Alert: Ongoing Threats Following Ransomware Attack on Tri-City Medical Center

Despite successfully restoring operations at Tri-City Medical Center over 17 days following a November ransomware attack, the threat lingers as cybercriminals continue their extortion efforts against the Oceanside hospital. Disturbingly, the malevolent group “INC RANSOM” has taken the cyber assault a step further, now boasting possession of stolen records on the dark web.

Dark Web Revelation

In a concerning development earlier this week, the notorious cyber extortion group announced its possession of records pilfered from Tri-City Medical Center on the dark web. The announcement, accompanied by “proof” in the form of printed pages obtained during the digital attack, signifies a disturbing continuation of the ransomware saga.

Contents of Stolen Records

The posted records include two prior authorization forms, and crucial paperwork used to secure approval for specific medical procedures. Patient information such as names, phone numbers, and other identifiers are now in the possession of the attackers. Financial records are also part of the compromised data, although the extent of the breach remains undisclosed.

Ongoing Threat and Ransom Tactics

The appearance of this notice on the dark web suggests that the ransomware group is still exerting pressure on Tri-City Medical Center. These posts serve as a grim reminder of the persistent threats organizations face even after operational recovery. Such announcements are often tactics to force organizations into paying ransoms to prevent further, potentially damaging data exposure.

New Threat Landscape

Cybersecurity experts have noted an unsettling trend where ransomware groups not only threaten to publish stolen documents but also leverage the private information contained within these documents. In some instances, hackers have resorted to calling affected individuals, making specific demands under the threat of exposing sensitive medical histories.

Recommendations for Individuals at Risk

Given the posted records and the potential compromise of personal information, individuals who recently received care at Tri-City Medical Center are advised to operate under the assumption that their data may be part of the breach. Vigilance is crucial, with recommendations to check flexible spending accounts, and health savings accounts, and regularly request copies of medical records.

Protecting Against Fraud

Heightened awareness is necessary to guard against potential healthcare billing fraud resulting from stolen medical information. Individuals should verify the legitimacy of charges and periodically review medical records. Additionally, monitoring credit cards for unusual activities and considering credit freezes can mitigate risks associated with identity theft and financial fraud.


The ongoing developments following the ransomware attack on Tri-City Medical Center emphasize the evolving and persistent nature of cyber threats. Individuals affected are urged to remain vigilant, take proactive steps to safeguard personal information, and report any suspicious activities to the hospital and local authorities.

Mitigate cyber threats effectively with Keplersafe's expert solutions.