Ransomware Groups are Escalating Their Attacks on Healthcare Organizations

Ransomware groups have shown no signs of declining their attacks on hospitals, apparently intensifying attacks on healthcare institutions as countries all over the world cope with a new wave of COVID-19 virus. 

Two healthcare institutions in California and Arizona have begun sending out breach notification letters to thousands of people after both disclosed that sensitive information — including social security numbers, treatment information, and diagnosis data —, was obtained during recent hacks. 

LifeLong Medical Care, a California health facility, is mailing letters to about 115 000 people informing them of a ransomware attack on November 24, 2020. The letter does not specify which ransomware gang was responsible. Still, it does state that Netgain, a third-party vendor that offers services to LifeLong Medical Care, “discovered anomalous network activity” only then concluded that it was a ransomware assault by February 25, 2021. 

Netgain and LifeLong Medical Care finished their investigation by August 9, 2021. They discovered that full names, Social Security numbers, dates of birth, patient cardholder numbers, treatment, and diagnosis information were accessed and/or obtained during the assaults. 

Credit monitoring services, fraud alerts, or security freezes on credit files, credit reports, and stay attentive when it comes to “financial account statements, credit reports, and explanation of benefits statements for fraudulent or unusual behavior,” as per LifeLong Medical Care. 

For further information, anyone with questions can call (855) 851-1278, which is a toll-free number. 

After being struck by a ransomware assault that revealed confidential patient information, Arizona-based Desert Wells Family Medicine was compelled to issue a similar letter to 35 000 patients. 

On May 21, Desert Wells Family Medicine learned it had been hit by ransomware and promptly engaged an incident response team to assist with the recovery. The incident was also reported to law enforcement. 

According to the healthcare institution, the ransomware gang “corrupted the data and patient electronic health records in Desert Wells’ possession before May 21”. After the malicious actors accessed the healthcare facility’s database and backups, it was unrecoverable. 

Desert Wells Family Medicine stated in its letter, “This information in the involved patient electronic health records may have included patients’ names in combination with their address, date of birth, Social Security number, driver’s license number, patient account number, billing account number, health insurance plan member ID, medical record number, dates of service, provider names, and medical and clinical treatment information.” 

The organization stated that it is presently reconstructing its patient electronic health record system and will provide free credit monitoring and identity theft prevention services to victims. 

“Patients should also check statements from their healthcare providers or health insurers and contact them right away if they notice any medical services they did not get,” the letter continued. 

These recent assaults, according to Sascha Fahrbach, a cybersecurity evangelist at Fudo Security, indicate that the healthcare business, with its precious personal information, remains an enticing and profitable target for hackers and insiders. 

“There were more than 600 healthcare data breaches last year, with more than 22 million people affected, and unfortunately, this trend shows no sign of slowing down. Healthcare operators need to reassess their security posture, as well as shifting their mindset when it comes to safeguarding their data,” Fahrbach added. 

“In particular, third parties remain a security liability which needs to be urgently addressed. Many in the healthcare industry are not taking the proper steps to mitigate third-party remote access and third-party vendor risk.” 

After the Hive ransomware knocked down a hospital system in Ohio and West Virginia last month, the FBI issued a notice two weeks ago, adding that the gang frequently corrupts backups as well.

Hive has targeted at least 28 companies so far, including Memorial Health System, which was struck by ransomware on August 15.