Courageous Home Care Hit by HUNTERS INTERNATIONAL Ransomware Attack

On March 16, 2025, the Hunters International ransomware group claimed responsibility for a cyberattack targeting Courageous Home Care, a U.S.-based healthcare provider specializing in personal support services.

The breach compromised approximately 262 GB of data, escalating concerns about vulnerabilities in the healthcare sector’s cybersecurity defenses.

Attack Overview

According to the post from FalconFeeds.io, Courageous Home Care, a provider licensed under programs like ICWP, CCSP, and SOURCE, offers critical in-home healthcare services across the United States.

Hunters International, a ransomware-as-a-service (RaaS) operation linked to the disbanded Hive group, infiltrated the organization’s systems using tactics consistent with previous campaigns:

• Initial Access: Likely via compromised credentials or exploitation of unpatched vulnerabilities, such as Oracle WebLogic CVE-2020-14644.
• Lateral Movement: Use of Windows utilities like PsExec and Windows Management Instrumentation (WMI) to escalate privileges.
• Data Exfiltration: Stolen data is uploaded to MEGA cloud storage before deploying ransomware.
• Encryption: Rust-based ransomware payloads to lock systems, coupled with deletion of backups.

The group’s dark web leak site listed Courageous Home Care as a victim, though specifics about the exfiltrated data remain unconfirmed.

Hunters International’s Expanding Healthcare Targeting

Hunters International has intensified attacks on healthcare entities, leveraging the sector’s reliance on legacy systems and sensitive data.

Recent incidents include:

• Fred Hutchinson Cancer Center (2024): Breach impacting 1 million patients, with direct extortion emails demanding $50 payments to suppress data leaks.
• SSS Australia (2025): Theft of 60,000 files from a healthcare supplier, underscoring global targeting.
• Tata Technologies (2025): Exfiltration of 1.4 TB of employee and contract data.

The group’s double-extortion model—encrypting systems while threatening data leaks—maximizes pressure on victims.

Healthcare providers are particularly vulnerable due to the critical nature of patient care systems and the high value of medical records on dark web markets.

Technical Analysis and Vulnerabilities

The attack mirrors prior healthcare breaches, including the 2024 Change Healthcare ransomware incident, where compromised credentials for a Citrix portal lacking multi-factor authentication (MFA) enabled a nine-day network intrusion.

Key vulnerabilities exploited in such attacks include:

1. Unpatched Software: Failure to address critical CVEs like Oracle WebLogic’s CVE-2020-14644.
2. Insufficient Access Controls: Absence of MFA and excessive user privileges.
3. Inadequate Segmentation: Allowing lateral movement to critical systems.

Hunters International’s use of off-the-shelf tools (e.g., Cobalt Strike) and living-off-the-land binaries (e.g., PowerShell) complicates detection.

Impact on Healthcare Operations

Ransomware attacks disrupt healthcare delivery and erode patient trust. For Courageous Home Care, potential consequences include:

• Service Delays: Forced reliance on manual processes, delaying patient care.
• Financial Losses: Ransom demands, recovery costs, and regulatory fines.
• Reputational Damage: Exposure of sensitive patient data (e.g., medical records, insurance details).

The 2024 Change Healthcare attack—costing $22 million in ransom and impacting 190 million individuals—highlights the cascading risks of such breaches.

Mitigation Strategies

CISA and HHS recommend:

• Enable MFA: Mandate for all remote access and critical systems.
• Patch Management: Prioritize updates for internet-facing systems.
• Network Segmentation: Limit lateral movement through micro-segmentation.
• Backup Integrity: Maintain offline, encrypted backups tested regularly.

The Hunters International attack on Courageous Home Care underscores the persistent threat ransomware poses to healthcare.

With the sector reporting a 45% increase in breaches since 2023, organizations must adopt proactive defenses to safeguard patient data and operational continuity.

As ransomware groups evolve, collaboration between cybersecurity agencies and healthcare providers remains critical to mitigating risks.

Also Read: