Frankly, it’s been a terrible week for people in the healthcare industry. Multiple healthcare organizations have suffered ransomware attacks, each with widespread impact. In a ransomware attack, attackers lock sensitive data and hold it hostage until the organization pays a ransom.
The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) reported a 264% increase in ransomware incidents reported to it over the past five years. Given the enormous amount of data that healthcare companies must collect and store, and the often sensitive nature of this data, this is not surprising. This data makes healthcare organizations a prime target for extortion, and hackers have absolutely taken advantage of it.
This has been especially evident over the past week, as a number of healthcare organizations around the world were hit by ransomware attacks or released more information about earlier ones.
Mental health data exposed in NHS ransomware attack
On May 7, NHS Dumfries and Galloway confirmed that a large amount of personally identifiable information of both staff and patients had been published on the dark web. This data contains information about children’s mental health and was leaked following a ransomware attack on the organization.
The cyber attack took place on March 15th, when a ransomware gang hacked into the computer system of NHS Dumfries and Galloway and stole a large amount of data.
After the attack, hackers began leaking the data on the dark web as “proof” that the data had been stolen, promising more would leak if a ransom was not paid. This has also led to children’s mental health data being leaked in an “utterly abhorrent criminal act”, in the words of NHS Dumfries and Galloway Chief Executive Julie White.
Due to the amount of stolen data, thousands of people could be affected.
Ascension hospital network shut down by cyber attack
Ransomware also hit healthcare organizations in the United States. On May 8, a serious cybersecurity incident was reported impacting Ascension’s hospital network.
The hospital’s entire system is said to have been disabled during the incident, suggesting that a ransomware attack was responsible for the disruption. According to those at the hospital at the time of the incident, doctors used mobile phones to communicate with staff and paper charts were used. These are both tasks that are typically performed by the hospital’s computer network.
Ascension is currently investigating the cyberattack and says some systems are still disrupted.
Ransomware gang forces NRS Healthcare
Another ransomware attack in Britain hit mobility aid manufacturer NRS Healthcare. This week, more information about this attack came to light.
The attack, which took place on March 29, took all of NRS Healthcare’s services offline. Ransomware group RansomHub took to the dark web to claim responsibility for taking down the company’s phone lines, email and websites. The group also claimed to have stolen 578 GB of data and said that in order to obtain the decryption key and “fix” the data breach, NRS Healthcare should contact them “as soon as possible.”
The stolen information reportedly includes more than 600,000 private documents, including contracts, accounting documents and financial reports. Although NRS Healthcare currently believes that the information only relates to an internal part of the network, the company did acknowledge that information relating to customers may have been copied to that internal part of the network and was therefore accessible to the hackers.
Why have there been so many ransomware attacks in healthcare?
Healthcare organizations hold a great deal of terribly important, confidential and sensitive information. This information can range from private medical conditions such as HIV+ status, to information on sensitive topics, such as abortion and infertility, to confidential information relating to criminal cases such as domestic or sexual violence.
In addition, healthcare organizations collect and store a lot of personal information from patients, such as home and email addresses, telephone numbers, and full names, because this helps them provide services to their patients.
The sensitive and private nature of this information, along with the fact that patients generally do not want this information exposed to the general public, makes healthcare organizations a ripe target for hackers. By stealing it, encrypting it and threatening to leak it unless the organization pays a ransom, they are putting healthcare providers in a very difficult situation.
They can either go against cybersecurity best practices and pay the hackers to secure the information, or they can refuse to pay and let the data leak. Of course, there is a third option where the organization pays the hackers, but the information leaks anyway. Whichever way it goes, these organizations are put in a lose-lose position.
That being said, this is why implementing good cybersecurity is so important for these healthcare organizations. Take, for example, the Change Healthcare cyber attack of February this year.
Following the attack, it was revealed that the Citrix portal that hackers used to infiltrate Change Healthcare’s network did not have multi-factor authentication (MFA) enabled, and that stolen credentials had been used to gain access to the network.
Although the hackers were nevertheless able to gain access to United Healthcare’s systems, MFA may have been the step that slowed them down or alerted the company that they were on the network, potentially mitigating the impact of the cyberattack.