In the past week, over 5 US-based healthcare services providers have reported ransomware attacks on their digital assets and the details of the incidents are as follows-
1) First, it was Ohio based N.E.O Urology services provider which reported about a ransomware attack on its digital assets. Now the news is out that the IT staff of the said Boardmand based health services provider paid over $75,000 as a ransom to free up their database from encryption.
2) Shortly after, Estes Park Health shortly known as EPH said that it was reigning under the attack of a malware which made it’s systems slow and inaccessible from June 2. When the IT admin was informed about the incident he/she confirmed that a ransomware attack took down the database locking down the whole of the clinic’s software from being accessed by doctors and administration staff. Thus, the phone, email and network services remain disrupted since then and so pen and paperwork was back in place as the clinic did not have a backup plan in place for data continuity. On June 15th, Cybersecurity Insiders learned that EPH paid over $10,000 from their cyber insurance plan to hackers. However, the report did not explain what exactly the hackers demanded.
3) On Thursday last week, ResiDex Software made an official announcement that some of its client’s protected health info could have been compromised due to a ransomware attack. But the software vendor assured that none of the data was copied or deleted by the hackers. The ransomware incident came into light on April 9 when the IT staff of the healthcare services related software vendor launched a further probe into the incident which ended on May 22nd this year. But unconfirmed sources claim that Medical records, names of patients, their social security numbers stored on the database were leaked to hackers.
4) Olean Medical Group which is said to hold records of over 40,000 patients is reported to have become a victim of a ransomware cyber attack last week. A third party probe has confirmed that none of the files were copied or deleted in the incident. Highly placed sources say that the infiltration into the network could have taken place in Feb this year and probably hackers from Eastern Europe and Africa would have been involved in the incident.
5) Seneca Nation Health System has also officially disclosed this week that it has become a victim of a ransomware attack as a result of which doctors could not access patient data and clinicians do not have access to charts and the scheduling system. More details are awaited on this issue!
6) Finally, the list concludes with the official announcement from Shingle Springs Health and Wellness Center which has reported that its database containing info of more than 21,513 patients was encrypted by the malware. FBI has been informed about the incident and the plan is to replace all the servers and workstations with new hardware and software.
In December last year, the FBI issued a warning to healthcare services providers across the world that their sector continues to become a prime target for hackers as it relies heavily on constant data access. While there has been a sharp decline in ransomware attacks on other sectors according to Verizon survey, Data breach and malware attacks are reported to have increased on companies serving in the healthcare sector.