CNN
—
Hackers accessed the personal data of nearly 270,000 patients in an attempted ransomware attack on a Louisiana healthcare system in October, a spokesperson for the system told CNN on Wednesday.
The Lake Charles Memorial Health System, which includes a 314-bed hospital, thwarted hackers’ attempt to encrypt its computers and prevented any disruption to patient care, according to spokeswoman Allison Livingston. The healthcare provider’s own security team detected the hack, Livingston said in an email.
The hack has come to light in recent days as the hospital network notifies patients whose data has been compromised. This includes patients’ health insurance information, medical records numbers and, in “limited cases”, social security numbers, depending on the health system.
It’s the latest in a series of ransomware attacks that have continued to plague US healthcare providers, which often lack cybersecurity resources, during the nearly three-year pandemic. Covid-19.
On their dark victim extortion website, a ransomware gang known as Hive took responsibility for the Lake Charles Memorial hack and dumped data claiming to belong to the healthcare system.
By November, Hive ransomware had been used to extort around $100 million from more than 1,300 companies around the world – including many in healthcare – the FBI and other federal agencies have warned.
“Health continues to be attractive to ransomware groups because even if a ransom is not paid, these attacks attract a lot of attention for the ransomware group, increasing their notoriety,” said Allan Liska, intelligence officer on threats to cybersecurity firm Recorded Future. CNN Future.
Ransomware gangs such as Hive are increasingly stealing data from victim organizations before locking down computers in an effort to increase their leverage in ransom negotiations. Some ransomware operators have “leveraged stolen data to contact patients directly to demand payment under the threat of having their patient records leaked,” Liska said.
While Lake Charles Memorial said its business operations were not hampered by the hack, those of other major U.S. and Canadian healthcare providers were disrupted this holiday season.
SickKids, one of Canada’s largest children’s hospitals, said it could take weeks to fully restore its IT systems following a recent ransomware attack. The gradual recovery means “some patients and families may still experience diagnostic and/or treatment delays,” the hospital said in a statement.
During this time, a network of three hospitals in Brooklyn, New York, had to work on paper maps for weeks following a cyberattack on its computer systems in late November, the hospital group’s chief executive told CNN.
Health managers have become much more aware of hacking threats In recent years, a cottage industry of cybersecurity specialists and consultants has focused on improving the defenses of the sector.
But smaller hospitals in particular often lack consistent funding and staffing to protect their computer networks, experts say. Sometimes volunteers try to fill the void. At the start of the pandemic, a group of cybersecurity experts worked nights to help defend healthcare providers from hacks.
Ransomware attacks can threaten patient safety. A ransomware attack on a hospital already strained by the Covid-19 pandemic and other crises can lead to “reduced capacity and worsening health outcomes”, according to a study by the cybersecurity agency of the Department of Homeland Security.
0 Comments