Hackers Demand $14M in Healthcare Industry Ransomware Attack

A Wisconsin based IT company, Virtual Care Provider Inc., was attacked by ransomware affecting the data of 110 nursing homes nationwide. The hackers encrypted cloud data of patient records, putting some facilities in danger of closing.

The computers were infected with Ryuk malware, a particularly nasty ransomware that has been seen by government organizations and other high valued targets this year. Hackers demanded large amounts of Bitcoin to return the data. These hackers usually get into the system with phishing campaigns, convincing a user to click on a link in an email or enter a user name and password on a fake website.

This attack compromised virtually all of the nursing facilities’ data including internet access, billing, payroll, phones, email, and access to client records. Some facilities are not able to order drugs for patients, others are not able to bill Medicaid, still others are not able to pay their employees. If data is not recovered soon, some nursing facilities will have to close as a result of the attack.

The IT company responsible for the data may also go out of business. They are saying publicly that they cannot pay the $14 million demanded by the criminals.

There is a pattern forming as healthcare facilities get attacked more regularly. A hospital in France was hit by ransomware that knocked its computer systems offline, causing “very long delays in care” and forcing staff to resort to pen and paper. In September a small clinic in California announced it would close by the end of the year, because it was not able to recover from a ransomware attack.

Companies are often compromised for months or even years before the criminals can figure out what data is critical, and what they should encrypt for a ransom. In this case it appears Virtual Care Provider Inc. was infected by the malware numerous times over the past year and did not catch the intrusion.

What this means for your business:

Many of these attacks start with a phishing campaign. Continue to educate users on what they should and should not click on while on a work computer. Users are your first line of defense against attacks.

Companies outsource their IT services because of the complexity and ever-changing nature of the industry. If you outsource your IT services, research the company thoroughly before making a decision. In this case it appears the attack could have been prevented by the IT company if it would have been caught.

Quanexus is the only IT Services business in Southwest Ohio to achieve the CompTIA Security Trustmark+ Certification. Earning a Security Trustmark+ badge means we have demonstrated a commitment and adherence to IT industry best practices.

At Quanexus we secure data using a layered security approach. We call it our Q-Stack. Click HERE to watch a video of Jack explaining the Q-Stack.

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright