The US healthcare sector suffers non-stop attack from Pysa ransomware

US Healthcare Sector Cyber Attacks Pysa Ransomware Mespinoza Academic

The United States Health and Human Services have issued an alert regarding the ongoing Pysa ransomware attack on their healthcare systems and institutions.

Experts stressed that Pysa is now a prominent variant of the Mespinoza ransomware strain that has been targeting healthcare facilities in the last few months. The Health and Human Services (HSS) has previously claimed that Pysa and Mespinoza were among the ten most dangerous threats for the healthcare sector.

Moreover, the US is one of the most bombarded countries, with campaigns monitored across academic institutions, business services groups, and utilities. The ransomware operators have exclusively victimised the healthcare and public health sectors in the past couple of years.

Another detail about Pysa’s operators is that they are heavily financially motivated and utilise several attack tools such as ADRecon, PEASS, PowerShell Empire, Advanced Port Scanner, DNSGo remote access trojan, and Mimikatz.

Based on the observation of dark web analysts, Mespinoza manages and supervises Pysa ransomware’s data leak site that concentrates on data extortion, ransom negotiation, and ransom demands.


Pysa ransomware attacked an unprecedented number of healthcare and public health institutions.


As of the last weeks of November last year, Pysa ransomware had already targeted 200 victims, of which approximately six were from the healthcare industry.

The threat actors that operated the Pysa ransomware deployed some of the most massive onslaughts against healthcare targets, such as Assured Imaging, Nonin Medical, and Piedmont Orthopedics or OrthoAtlanta. Unfortunately, all these attacks became more severe since the threat actors launched all of them at the height of the global COVID-19 pandemic.

As of now, one of the latest Pysa ransomware data leaks included several zip files claiming to be stolen by them from One Community Health, Gastroenterology Associates, and Spartanburg & Pelham OB-GYN.

An investigatory report uncovered a rapid increase in the double extortion strategy by the Pysa ransomware group. The academic institutions were also heavily targeted by the group alongside the health sector.

These critical sectors of the United States must understand the importance of essential cybersecurity services. It is recommended to have reliable cybersecurity, vulnerability management programs, AV solutions, defense-in-depth tactics, and managed privilege principles to have improved defense against today’s evolving threats.

About the author

Leave a Reply