BreachExchange mailing list archives
IT services company hit with ransomware, cutting off nursing homes' access to patient medical records
From: Destry Winant <destry () riskbasedsecurity com>
Date: Tue, 26 Nov 2019 08:56:28 -0600
https://www.fiercehealthcare.com/tech/nursing-home-it-company-hit-ransomware-cutting-off-providers-access-to-patient-medical-records

A technology company that provides services to more than 100 nursing homes and long-term post-acute care facilities was hit with a ransomware attack that crippled its servers and cut off access to patient medical records. Hackers demanded a ransom of roughly $14 million in bitcoin.

The hack against Virtual Care Provider Inc. (VCPI) means some locations cannot access patient records, use the internet, pay employees or order medications.

The Milwaukee-based company provides internet access, cloud hosting and security services to primarily senior living and long-term care facilities, including 110 nursing home organizations with some 80,000 computers across 45 states.

In a company memo (PDF) sent to clients Nov. 18, obtained by the Milwaukee Journal Sentinel, Virtual Care Provider executives said the business was attacked with Ryuk encryption ransomware spread by TrickBot virus. The company estimated 20% of its servers were affected by the virus.

Company executives said their monitoring systems quickly discovered the attack and spread of the malware and launched its incident response and management process. The company then contacted its cybersecurity insurance policy provider, Beazley, which connected VCPI to a third-party cybersecurity incident response firm.

"We are prioritizing servers that provide active directory access, email, eMAR, and EHR (electronic health record) applications," company officials said in the memo.

Company executives did not respond to FierceHealthcare's emails and phone calls requesting comment about the ransomware attack.

VCPI chief executive Karen Christianson told cybersecurity blogger Brian Krebs the ransomware attack affected virtually all of the company's core offerings, including Internet service and email, access to patient records, client billing, and phone systems, and even VCPI’s own payroll operations that serve nearly 150 company employees.

"Right now all we’re dealing with is getting electronic medical records back up and life-threatening situations handled first," Christianson said.

She told Krebs some affected facilities could be forced out of business, and patients' health is at risk if the data is not accessible, Christianson said. Christianson said her firm cannot afford to pay the ransom amount being demanded.

“We’ve got some facilities where the nurses can’t get the drugs updated and the order put in so the drugs can arrive on time,” she said. “In another case, we have this one small assisted living place that is just a single unit that connects to billing. And if they don’t get their billing into Medicaid by December 5, they close their doors. Seniors that don’t have family to go to are then done. We have a lot of [clients] right now who are like, ‘Just give me my data,’ but we can’t.”

In a statement to the Milwaukee Journal Sentinel, Virtual Care President Zachary Koch said the company has launched an internal investigation and hired security experts. Virtual Care is working diligently to restore the systems as quickly and safely as possible, Koch said.

The impact on the 110 health care facilities the company supports varies based on how much data each gave Virtual Care. Some facilities use the company for tech support, while others rely on the firm to host their websites, email systems, phone lines, and patient records, the Milwaukee Journal Sentinel reported.

Over the last two years companies of all sizes have been targeted by Ryuk and its variants, according to Eyal Aharoni, vice president of customer success at cybersecurity company Cymulate.

A hospital in France, University Hospital Centre in Rouen, announced it was hit by a ransomware attack that knocked its computer systems offline, forcing staff to resort to pen and paper. The 1,300-bed hospital revealed in a posting on Facebook on Nov. 19 that it was the victim of an attack and admitted to "very long delays in care."

Alabama-based DCH Health System also was hit with Ryuk ransomware back in October and paid the hackers for a decryption key to restore access to locked systems.

"For a malware that’s been around this long, attacks reaching epidemic levels and dominating media discourse, companies are falling short of excuses," Aharoni told FierceHealthcare via email.

The probability of hackers using Ryuk variants to leverage lateral movement capabilities is extremely high, Aharoni said, enabling them to exploit vulnerabilities such as EternalBlue (a software vulnerability in Windows) or BlueKeep (a vulnerability in Microsoft's Remote Desktop Protocol implementation).

"Victims of these attacks are due to their IT/security teams not updating systems with the latest patches or deploying their security configurations correctly, both of which should be implemented and strictly adhered to as part of security housekeeping and policy," he said.