Ransomware attacks have been steadily increasing in the healthcare industry since the beginning of the year, and with the most recent attacks on New Jersey Spine Center, Marin Healthcare District and Urgent Care Clinic of Oxford, it doesn't look like the target placed on these providers will be shrinking anytime soon. Hospitals are recognizing the threat and are making cybersecurity a top priority. But as cybercriminals gain intelligence - and confidence - it may not be enough to make up for human error, outside vendors and other vulnerabilities.
Two more ransomware attacks were reported at Marin Healthcare District in Greenbrae, California and the New Jersey Spine Center in Chatham, N.J. Both organizations paid the ransom. The attack on MHD stemmed from a ransomware attack on Marin Medical Practices Concepts, the health system's medical billing and electronic medical record services vendor. Meanwhile, the six sites of the New Jersey Spine Center were attacked by Cryptowall ransomware on July 27, 2016. It encrypted not only the electronic health record, but also the backup files and phone system.
Oxford, Mississippi-based Urgent Care Clinic of Oxford reported it was a victim of a ransomware attack, which appears to have been initiated by Russian hackers. The breach was discovered in August 2016 and occurred sometime in early July 2016. Urgent Care staff noticed the server running slowly on Aug. 2. The server was held for ransom for an undisclosed amount of time before control was returned to the clinic, according to officials. The clinic shut down the server’s remote access to prevent anyone outside of the clinic from again accessing the system.
Two University of Southern California hospitals were hit by a ransomware attack that encrypted hospital data on servers, making files inaccessible to employees. The attack was quickly contained and isolated, which prevented it from spreading to other servers. The incident was remediated within several days and data was fully restored - without paying the ransom.
Reston, Virginia-based Professional Dermatology Care reported that an unauthorized third party accessed protected health information and financial data of 13,237 of its patients. The cybercriminals encrypted the patient data with ransomware, intending to extract money from the healthcare organization. According to officials, the breach was not to 'misuse patient data.' The incident occurred between June 19 and 27 this year, when PDC officials discovered the breach.
Kansas Heart Hospital became the victim of a ransomware attack in May, and after it paid the first ransom, attackers boldly demanded a second to decrypt data. Kansas Heart Hospital president Greg Duick, MD, told local media that patient information was not endangered and routine operations weren't affected. He declined to say how much money Kansas Heart Hospital paid the cybercriminals, only that it was “a small amount.” Duick explained that Kansas Heart Hospital did not pay the second ransom request and said that, along with consultants, it didn't think that would be a wise move, even though attackers still appear to have some of their data locked.
San Diego-based Alvarado Hospital Medical Center became the third hospital owned by Prime Healthcare Services to be hit with ransomware in March. The system was hit by a "malware disruption" on March 31, the San Diego Union-Tribune reported. A spokesperson for the 306-bed hospital confirmed the cyberattack, but wouldn't say which systems had been affected. For its part, Alvarado said it had taken "extraordinary steps to protect and expeditiously find a resolution to this disruption," according to a statement provided to the Union-Tribune, but offered little other detail except to say patient and employee records hadn't been compromised.
King's Daughters' Health in southeast Indiana had to power down all of its computer systems in March, as it discovered a single employee's file had been infected with the Locky ransomware virus. King's Daughters' Health officials told Indiana's WSCH radio that patient data was secure and hadn't been compromised and that it would restart its computer systems once it was safe to do so. KDH used manual processes to continue operations while the systems were down. Linda Darnell, the hospital's senior director of IT, told the station that ongoing staff education about these evolving cyber threats helped employees act quickly to contain the Locky virus once it was found.
March proved to be a big month for ransomware, as MedStar Health in Washington, DC was hit with ransomware that locked down the system for a few days. The cybercriminals demanded a ransom of 45 Bitcoin, or about $19,000, to unlock the system's data. They also offered a separate option of paying 3 Bitcoins to unlock a single computer. The virus affected Washington’s Georgetown University Hospital and other medical offices in the region. MedStar employees encountered a pop-up message demanding the payment in exchange for a digital key that would unlock the data, according to several reports. MedStar said in a statement that the virus prevented some employees from logging into the system, but all of its clinics remained open and functioning. The malware blocked MedStar employees from accessing patient data and, in some cases, patients were turned away.
Two Prime Healthcare hospitals in California - Chino Valley Medical Center in Chino and Desert Valley Hospital in Victorville - were attacked by hackers demanding a ransom in March. Prime spokesperson Fred Ortega acknowledged the attack, according to reports, and said that neither hospital paid the ransom and no patient data was compromised.
Methodist Hospital in Henderson, Kentucky was held under a ransomware attack for five days in March, which it effectively fended off without paying the cybercriminals. During the attack, the hospital declared an internal state of emergency and posted this to the hospital's website: “Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic web based services. We are currently working to resolve this issue, until then we will have limited access to web based services and electronic communications.”
Attackers broke into Ottawa Hospital’s network with ransomware that initially encrypted four computers. Hospital officials publicly stated that IT staff have since wiped the machines clean and restored necessary data through backup copies, and added that none of the other 9,800 computers were affected and no patient data was compromised. The ransomware attack against Ottawa Hospital is the latest in a string of cybercriminal attempts to gain access to hospital computers, then lock down that data and demand payment, typically in Bitcoin, to decrypt it.
Hackers launched a ransomware attack against Hollywood Presbyterian Medical Center and held the hospital’s data hostage until the organization paid the ransom of $17,000 or 40 Bitcoins. Without access to their systems, Hollywood Presbyterian caregivers fell back on handwritten notes and faxes, as the hackers knocked the provider offline for almost a week in February. Everything from e-mails to CT scans was affected, and patients had to pick up prescriptions and test results in person, as they could not be sent electronically because of the emergency.