New Trinity Ransomware Targets Healthcare Sector, Federal Warning Issued

A newly identified ransomware strain, dubbed "Trinity," has surfaced, targeting the healthcare sector in the U.S. and prompting a warning from federal authorities. The U.S. Department of Health and Human Services (HHS) issued an advisory highlighting the threat posed by this ransomware to hospitals and healthcare providers.

The HHS Health Sector Cybersecurity Coordination Center confirmed that at least one U.S. healthcare facility has fallen victim to Trinity ransomware. The ransomware, first detected in May 2024, has since affected at least seven organisations, including two healthcare providers—one in the U.K. and another in the U.S.

One of the American victims, a gastroenterology services provider, suffered a significant data breach, losing 330 GB of sensitive information. The impacted facility currently reports limited functionality, indicating ongoing disruption.

Researchers also reported a separate incident involving a New Jersey-based dental group. Both cases point to Trinity’s ability to exploit common vulnerabilities, spreading throughout affected networks with ease.

Trinity shares similarities with two other ransomware strains, 2023Lock and Venus, raising concerns about potential collaborations between threat actors. The ransomware operates by encrypting files with a "trinitylock" extension, then delivering a ransom note instructing victims to pay in cryptocurrency within 24 hours to avoid data leaks.

Federal experts noted that Trinity’s codebase and techniques closely mirror those of Venus and 2023Lock, suggesting that it could be a new variant of these earlier strains. The attackers have established two online sites—one to assist those who pay the ransom and another to display stolen data as leverage.

HHS warns that this alliance between Trinity, Venus, and 2023Lock could lead to more sophisticated ransomware campaigns in the future, posing an ongoing threat to the healthcare industry.