During the month of October, cybercriminals broke into the computer system of a health care system in Louisiana, gaining access to the personal information of roughly 270,000 individuals.
According to a representative named Allison Livingston, the hackers’ effort to encrypt the computers belonging to the Lake Charles Memorial Health System, which includes a hospital with 314 beds, was foiled, and there was no interruption to the provision of medical services for patients. According to what Livingston wrote in an email, the attack was discovered by the security staff of the health care provider.
The breach was discovered in recent days, and patients whose data had been stolen are now being notified by the network of institutions. According to the health system, this includes the patients’ health insurance information, the numbers associated with their medical records, and in “limited situations,” the patients’ Social Security numbers.
During the almost three years that the Covid-19 outbreak has been ongoing, this is the most recent in a string of ransomware attacks that have continued to affect health care providers in the United States, who are often lacking in resources to protect their networks.
A ransomware group known as Hive claimed credit for breaking into Lake Charles Memorial and dumping data that they falsely claimed belonged to the health system on a website that was designed specifically for the purpose of extorting victims.
The FBI and other government authorities have issued a warning that as of November, the Hive ransomware has been used to extort almost $100 million from over 1,300 firms throughout the globe, the majority of which were in the health care industry.
Even if a ransom isn’t paid, these attacks draw a lot of attention for the ransomware organization, which increases their reputation. This is one reason why the healthcare industry continues to be an appealing target for ransomware gangs.
In an effort to gain more bargaining power in ransom talks, ransomware gangs like as Hive are increasingly stealing data from firms that have been compromised before shutting down their machines. Some operators of ransomware have taken use of stolen data in order to contact patients personally and demand money while threatening to reveal the patients’ medical information if they don’t comply with their demands.
Although Lake Charles Memorial said that the breach had no impact on its commercial operations, the operations of a number of other important health care providers in the United States and Canada have been hampered during the last several weeks.
After a recent attack by ransomware, one of the major children’s hospitals in Canada, SickKids, has indicated that it may take several weeks before all of its computer systems are completely restored. As a result of the slow recovery, the hospital said in a statement that “some patients and families may still face diagnostic and/or treatment delays.”
During this time, a network of three hospitals in Brooklyn, New York, was forced to function off of paper charts for many weeks as a result of a cyberattack that occurred toward the end of November on its computer systems.
In recent years, leaders in the health care business have become considerably more conscious of the dangers posed by hacking, and a cottage industry consisting of cybersecurity professionals and consultants has concentrated on enhancing the industry’s defenses.
However, according to experts, smaller hospitals, in particular, sometimes do not have sufficient resources or employees to defend the computer networks that they use. There are occasions when volunteers attempt to fill a hole. During the early stages of the pandemic, a team of cybersecurity professionals worked in shifts through the night to assist in protecting medical facilities from cyberattacks.
Attacks using ransomware may pose a risk to patient safety. It is possible for a ransomware attack on a hospital that is already under pressure because to the Covid-19 outbreak and other issues to lead to “lower capacity and worsening health outcomes.”
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.