Surgeries canceled, data compromised in two health center ransomware attacks

Published 9/2/2021, 9:00am

Two major healthcare systems announced last week that they had been victims of ransomware attacks. An Ohio-based health system suffered an attack on August 16, forcing the cancellation of surgeries and the diversion of emergency patients to other area facilities. T Las Vegas-based health system University Medical Center of Southern Nevada also announced it had experienced an attack in June, affecting 1.3 million individuals.

Representatives from the Ohio health system indicate that they negotiated with the attackers and received a decryption key. However, they are withholding information on the ransom amount paid. They also are still investigating whether patient or employee data was stolen. The ransomware gang responsible for the attack is reportedly the Hive gang.

A July breach notification statement from the Nevada health system indicates that their ransomware attack began in June and ended one day later. Health system representatives stated there was no disruption to patient care or clinical systems. However, data containing highly sensitive information—including names, addresses, dates of birth, social security numbers, and health history and diagnostic information–was compromised. The health system also believes that financial information, including insurance numbers, may have been included in the files that were stolen.

Next Steps

As ransomware attacks continue to increase, cybersecurity professionals are urging businesses to patch bugs and vulnerabilities immediately, as well as engaging a vulnerability management service. Endpoint security is also a key tool in the fight against ransomware. If organizations believe they have been victims of a ransomware attack, they are urged to work with a professional ransomware investigation and response team.