A ransomware attack on the University Medical Center of Southern Nevada (UMC) has resulted in some patient data being stolen. The clinic released a statement saying it discovered suspicious activity on its network in June and moved swiftly to mitigate the attack by limiting access to its servers and databases.
A review of the incident is ongoing and the relevant law enforcement agencies have been made aware of the attack. To date, investigators have found proof that the cybercriminals were able to infiltrate a server that had been used to store patient data. However, it appears at this stage that clinical systems have not been compromised.
Any cyberattack that prevents systems and data from being accessed can cause safety issues which could result in harm to patients. This is especially true for UMC, as it operates the sole Level 1 trauma center in Nevada. Thanks to the fast action of the UMC IT team, the impact of the breach was kept to a minimum. Due to the response, there were some “minor, intermittent computer login issues for some UMC team members. While these login issues were certainly inconvenient, there have been no disruptions to patient care or UMC’s clinical systems.”
A collaborative investigation involving UMC, the Las Vegas Metropolitan Police Department, the FBI, and a team of contracted cybersecurity specialists is currently underway, and efforts are being made to determine how the hackers gained access to UMC's systems and exactly which patients have had their health data compromised.
As a precautionary measure, UMC will be contacting potentially impacted patients and staff members to offer them free identity protection and credit monitoring services.
The attack appears to have been conducted by the REvil (Sodinokibi) ransomware gang, which claims to have stolen patient data prior to encrypting files. The group has released some patient data on its leak site, although it has not been confirmed whether the data was stolen from UMC.