It has been quite frankly a terrible week for those across the healthcare sector. Multiple different healthcare organizations have suffered ransomware attacks, each with widespread ramifications. This occurs when attackers lock up sensitive data and hold it hostage until the organization pays a ransom.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has reported a 264% increase in ransomware incidents reported to them over the past five years. With the sheer amount of data that healthcare companies are tasked with collecting and storing, as well as the frequently sensitive nature of this data, this is unsurprising. This data makes healthcare organizations a prime target for extortion, and hackers have absolutely been taking advantage of this.
This has especially been seen in the last week alone, with a number of different healthcare organizations across the world being hit by, or releasing more information about, their ransomware attacks.
Mental health data exposed in NHS ransomware attack
On May 7, NHS Dumfries and Galloway confirmed that a large amount of personally identifying information belonging to both staff and patients had been published to the dark web. This data included the mental health information of children and was leaked following a ransomware attack launched against the organization.
The cyber attack took place on March 15 after a ransomware gang hacked into NHS Dumfries and Galloway’s computer system and stole a large amount of data.
After the attack, hackers began leaking the data on the dark web as “proof” it had been stolen, with a promise that more would be leaked if a ransom was not paid. This has also resulted in children’s mental health data being leaked in an “utterly abhorrent criminal act” in the words of the Chief Executive for NHS Dumfries and Galloway Julie White.
Due to the amount of data stolen, thousands of people could be impacted.
Ascension hospital network taken down by cyber attack
In the United States, ransomware also ran riot against healthcare organizations. On May 8, a serious cybersecurity incident impacting the Ascension hospital network was reported.
The hospital’s entire system was allegedly taken down during the incident, suggesting that a ransomware attack was responsible for the disruption. According to those in the hospital at the time of the incident, doctors were using cellphones to communicate with staff and paper charts were being used. These are both tasks usually undertaken by the hospital’s computer network.
Ascension is currently investigating the cyber attack, and has said that some systems continue to be disrupted.
Ransomware gang extorts NRS Healthcare
Another UK-based ransomware attack was that of mobility aid manufacturer NRS Healthcare. This week saw more information about this attack coming to light.
The attack, which took place on March 29, took all of NRS Healthcare’s services offline. Ransomware group RansomHUB took to the dark web to take responsibility for disabling its phone lines, email, and websites. The group also claimed to have stolen 578 GB of data and said that in order to get the de-encryption key and “resolve” the data breach, NRS Healthcare needs to contact them “as soon as possible”.
![A post on the dark <a href='https://mediaserve.com/blog/mediaserve-pro-10.3.0-update' target='_blank'>web</a> from RansomHub. It reads: "NRS Healthcare is a supplier of mobility equpment and disability aids, and other medical equipment. Provides personal care aids, moving and handling aids, mobility and access aids, home care and daily living aids, sensors and electronic caids, paediatrics, dementia care, exercise, and assessment, infection prevention, bariatic, bathing, pressure care and therapeutic resources. Purchase can be done online through their portal (marketplace) and provide home delivery service. On 30th of March 2024 the NRS Healthcare company was attacked with ransomware. More than 600k private documents was [sic] downloaded, including: Accounting, HR, Financial reports, Reception, Contracts and much more. Data size: 578Gb. Company itseld has offices in almost every state of United Kingdom. Every office was targetd and attacked. The data breach proof available via download link. We publish the file [link]. To resolve this data breach and obtain the system decryption key, NHS Healthcare need to contact us as soon as possible."” loading=”lazy” data-original-mos=”https://cdn.mos.cms.futurecdn.net/gKnxLvx6N3mhWGNBJkntgd.png” data-pin-media=”https://cdn.mos.cms.futurecdn.net/gKnxLvx6N3mhWGNBJkntgd.png”></p>
</div>
</div><figcaption class=](https://cdn.mos.cms.futurecdn.net/gKnxLvx6N3mhWGNBJkntgd-320-80.png)
(Image credit: Comparitech)
The information stolen allegedly includes over 600,000 private documents including contracts, accounting documents, and financial reports. While NRS Healthcare currently believes that the information is related only to an internal part of its network, the company did recognize that it is possible that information related to customers could have been copied to the internal part of the network, and therefore accessed by the hackers.
Why have there been so many healthcare ransomware attacks?
Healthcare organizations hold a lot of very important, confidential, and sensitive information. This information can range from private medical conditions like HIV+ status to information on sensitive topics, like abortion and infertility, to confidential information related to criminal cases like domestic or sexual violence.
Beyond this, healthcare organizations collect and hold a lot of personal information from patients, like home and email addresses, phone numbers, and full names, as it helps them provide services to their patients.
The sensitive and private nature of this information, along with the fact that patients will, in general, not want this information exposed to the general public make healthcare organizations a ripe target for hackers. By stealing, encrypting, and threatening to leak it unless the organization pays a ransom, they put healthcare providers in a really tricky situation.
Either they can go against cybersecurity best practices and pay the hackers, for securing the information, or they can not pay and have the data leaked. Of course, there is a third option where the organization pays the hackers, but then the information is leaked regardless—no matter what, these organizations are put in a lose-lose position.
With this being said, this is why implementing good cybersecurity is so important for these healthcare organizations. Take the Change Healthcare cyber attack from February of this year, for example.
Following the attack, it was revealed that the Citrix portal hackers used to infiltrate Change Healthcare’s network did not have multi-factor authentication (MFA) turned on, and that stolen credentials had been used to gain access to the network.
While the hackers may have been able to gain access to United Healthcare’s systems despite this, it could have been the step that slowed them down or alerted the company that they were on the network—potentially mitigating the cyber attack’s impact.
Services Marketplace – Listings, Bookings & Reviews