Hackers accessed the non-public knowledge of almost 270,000 sufferers in an tried ransomware assault on a Louisiana well being care system in October, a spokesperson for the system informed CNN Wednesday.
Lake Charles Memorial Well being System, which features a 314-bed hospital, thwarted the hackers’ try to encrypt its computer systems and prevented any disruption to affected person care, in response to spokesperson Allison Livingston. The well being care supplier’s personal safety crew detected the hack, Livingston mentioned in an e mail.
The hack was disclosed in current days because the community of hospitals notifies sufferers whose knowledge was compromised. That features sufferers’ medical insurance info, medical information numbers and, in “restricted situations,” Social Safety numbers, in response to the well being system.
It’s the newest in a collection of ransomware assaults which have continued to hit US well being care suppliers, which are sometimes quick on cybersecurity sources, within the almost three years of the Covid-19 pandemic.
On their darkish web site for extorting victims, a ransomware gang generally known as Hive took accountability for hacking Lake Charles Memorial and dumped knowledge purporting to belong to the well being system.
As of November, Hive ransomware had been used to extort about $100 million from over 1,300 corporations worldwide – lots of them in well being care – the FBI and different federal businesses have warned.
“Healthcare continues to be a lovely for ransomware teams as a result of even when a ransom isn’t paid, these assaults appeal to a variety of consideration for the ransomware group, growing their notoriety,” Allan Liska, senior risk intelligence at cybersecurity agency Recorded Future, informed CNN.
Ransomware gangs equivalent to Hive more and more steal knowledge from sufferer organizations earlier than locking down computer systems in an try to extend their leverage in ransom negotiations. Some ransomware operators have “exploited stolen knowledge to succeed in out to sufferers on to demand cost below risk of getting their affected person information launched,” Liska mentioned.
Whereas Lake Charles Memorial mentioned its enterprise operations have been unimpeded by the hack, these of different key US and Canadian well being care suppliers have been disrupted this vacation season.
SickKids, considered one of Canada’s largest youngsters’s hospitals, mentioned it may take weeks to completely restore its pc methods following a current ransomware assault. The gradual restoration means “some sufferers and households should still expertise diagnostic and/or therapy delays,” the hospital mentioned in an announcement.
In the meantime, a community of three hospitals in Brooklyn, New York, needed to work off paper charts for weeks following a cyberattack on its pc methods in late November, the hospital group’s chief govt informed CNN.
Well being care executives have grown rather more conscious of hacking threats lately and a cottage trade of cybersecurity specialists and consultancies have centered on bettering the sector’s defenses.
However small hospitals particularly typically lack constant funding and personnel to guard their pc networks, in response to consultants. Generally volunteers attempt to fill the void. Within the early days of the pandemic, a gaggle of cybersecurity consultants labored night time shifts to assist defend well being care suppliers from hacks.
Ransomware assaults can threaten affected person security. A ransomware assault on a hospital already below pressure from the Covid-19 pandemic and different crises can result in “decreased capability and worsened well being outcomes,” in response to a research from the Division of Homeland Safety’s cybersecurity company.
Supply: CNN