A serious cybersecurity breach has disrupted the daily operations of the Lower Sioux Indian Community in south central Minnesota. The tribe confirmed that an unauthorized actor gained access to its systems. Impacting several core services including its healthcare facility, government offices, hotel, and casino. The nature of the attack was later revealed to be ransomware. Forcing the community to take urgent steps to contain the fallout.
As soon as the breach was discovered, the tribe activated its incident response protocols. Critical systems were taken offline—this included phone lines, fax machines, and email services. The Lower Sioux Health Care Center moved quickly to establish alternate communication methods for patients needing medical or dental care. As well as those requiring prescription refills.
On Facebook, the Lower Sioux Government Center shared an update confirming the cyberattack was indeed a ransomware incident. The message explained that some guest services were still down. But efforts were underway to restore normal operations as securely and swiftly as possible. The tribe also announced its government offices would close early due to the severity of the breach.
At the Jackpot Junction casino, which is operated by the tribe, the impact was particularly noticeable. Slot machines and kiosks remain offline, and key services like bingo nights, rewards programs, promotional drawings, and Dacotah Dining have all been paused. The casino’s hotel systems are also down, preventing staff from booking or modifying reservations.
Responsibility for the ransomware attack was claimed by RansomHub. A well-known cybercriminal group that has recently been linked to a string of other breaches. The group posted about the incident on its Dark Web portal, also naming EuropTec, Delta Life Insurance Company, and Intelliloan as recent targets.
Commenting on the situation, Anuj Goel, CEO of Cyware, emphasized that the threat landscape continues to evolve rapidly. In a statement sent to Dark Reading, Goel stressed that cyber adversaries remain persistent and that organizations must move beyond reactive approaches. He urged a transition to more proactive cybersecurity measures to prevent such attacks before they can take hold.
This incident comes just weeks after the same group struck the Sault Tribe of Chippewa Indians in Michigan. That attack forced the closure of multiple tribal departments and businesses and had a devastating impact on the community’s healthcare services.
The back-to-back targeting of tribal communities by the same ransomware group highlights the growing vulnerability of essential public service organizations. As these attacks continue, the urgency for stronger, more proactive cybersecurity strategies has never been clearer.
