Hive ransomware group attacks Missouri health center
A health center in southeastern Missouri is the latest victim of the Hive ransomware group.
According to reporting from St. Louis Public Radio's Shahla Farzan, the Missouri Delta Medical Center in Sikeston had confidential patient data stolen from one of its servers earlier this month.
Hive began posting patient names, Social Security numbers and medical information on September 9, said Farzan.
"While this incident is not currently impacting our ability to provide care to our patients, we were recently notified that the unauthorized third party posted on their blog site some information that was purportedly taken from one of our servers," said a spokesperson for Missouri Delta in a statement sent to Healthcare IT News.
"We are working with a leading forensic security firm to investigate and determine the nature of the incident," the spokesperson said.
WHY IT MATTERS
Although Hive is relatively new on the scene, it has already led the U.S. Federal Bureau of Investigation to issue a flash warning about its tactics.
As the FBI explained in that alert earlier this month, "After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software.
"The ransom note also threatens to leak exfiltrated victim data on the Tor site, HiveLeaks," it added.
Such appears to be the case with the Missouri incident, in which Hive reportedly began posting individuals' data on its website.
"The investigation into the scope of the incident and the data potentially involved remains ongoing; however, based on the investigation to date, we have no indication that data in our main electronic medical record system is involved," said Missouri Delta in the statement.
"We will provide additional information as appropriate based on our ongoing investigation. Additionally, we have notified law enforcement regarding the incident, and we will cooperate with any law enforcement investigation," the statement continued.
THE LARGER TREND
Hive was also the group said to be behind the attack on Ohio's Memorial Health System this past month. That attack forced Memorial to cancel all urgent surgical cases and all radiology exams for days.
But Hive isn't the only new ransomware gang setting off alarms: The federal government has also recently issued alerts about BlackMatter and Conti.
"Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to promptly report ransomware incidents to your local field office or the FBI’s 24/7 Cyber Watch," the agency reminded healthcare organizations in its alert about Conti.
ON THE RECORD
"We apologize for any inconvenience this incident may have caused, and are taking steps to increase our security and reduce the risk of a similar incident occurring in the future. We remain focused on continuing to serve our community," said Missouri Delta in the statement.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.