A ransomware attack on an Aberdeen, WA-hospital and associated clinics is still wreaking havoc over two months after the initial attack took place. The cybercriminals have requested $1 million for the keys to unlock the encryption on the captured data.
On June 15, 2019, Grays Harbor Community Hospital started noticing IT problems. The attack happened on a Saturday when staffing numbers were low so, at first, the problem was put down as an IT issue. On Monday it became clear that ransomware was to blame and measures were taken to isolate the infection and secure the network; however, the cybercriminals had already obtained access to servers and the systems used by Harbor Medical Group clinics. The starting point of attack appears to have been a reaction to a phishing email by a single staff member.
Harbor Medical Group manages eight medical centers in the Aberdeen and Hoquiam region, and those clinics were the worst impacted by the attack. Grays Harbor Community Hospital used older software, which stopped the ransomware from being downloaded to the hospital’s main computer system. The clinics used more recent software, which allowed the cybercriminals to infect more systems. Those systems are still not operational at the medical centers, which are using pen and paper to capture patient data.
A hospital representative said patient care has not been impacted. The hospital is still providing emergency care to patients and appointments are going ahead as was planned. There have been some delays to appointments and there are still problems accessing patient data. Patients have been advised to bring details of their prescriptions and their medical records and to make that information available at point of treatment.
The hospital had implemented backups but it was not possible to recover files as the backups had also been encrypted. As of August 13, 2019, the hospital still had not obtained access to its files. The attack has been made known to the FBI and the hospital is helping with its investigation.
The hospital had earlier taken out a cybersecurity insurance policy for $1 million, which may include the ransom payment. It is unclear whether the ransom demand has been met.
No proof of data access or theft was identified, but the possibility could not be ruled out. Impacted patients had the following information made accessible: Full name, address, phone number, date of birth, Social Security details, insurance information, diagnoses, and treatment details.
The hospital has began alerting the 85,000 patients impacted by the breach and each has been provided with complimentary credit monitoring services. Security measures are being reviewed at the hospital and medical group and extra hardware and software solutions will be put in place as necessary to enhance security. Employees will also be given more training.