Barlow Respiratory Hospital in California escaped the worst of a recent ransomware attack, but still had patient data posted on a leak site.
Ransomware groups have shown no signs of slowing down their assault on hospitals, apparently increasing attacks on healthcare institutions as dozens of countries face a new wave of COVID-19 infections thanks to the powerful Delta variant.
One of the newer ransomware groups, Vice Society, debuted in June and made a name for itself by attacking various hospitals and leaking patient information. Cybersecurity researchers at Cisco Talos said the Vice Society has been known to “be quick to exploit new security vulnerabilities to aid ransomware attacks” and frequently exploit vulnerabilities in Windows PrintNightmare during attacks.
“As with other threat actors operating in the big game space, the Vice Society operates a data breach site, which they use to publish data extracted from victims who do not choose to pay their extortion lawsuits,” explained Cisco Talos on last month.
Cybersecurity firm Dark Owl added that Vice Society “is considered a possible derivative of the Hello Kitty ransomware variant based on similarities in techniques used for Linux system encryption.” According to Black Fog, they were implicated in a ransomware attack in the Swiss town of Rolle in August.
Several hospitals, Eskenazi Health, Waikato DHB, and Center Hospitalier D’Arles, have appeared on the criminal group’s leak site. The group caused a sensation this week by publishing data from the Barlow Respiratory Hospital in California.
The hospital was attacked on August 27 but managed to avoid the worst, noting in a statement that “no patient was at risk of harm” and that “hospital operations continued without interruption.”
Barlow Respiratory Hospital told ZDNet that the police were immediately notified once the hospital noticed that the ransomware affected some of its IT systems.
“Although we have gone to great lengths to protect the privacy of our information, we learned that some data was removed from certain backup systems without authorization and posted on a website where criminals post stolen data, also known as the ‘dark web ‘Our investigation into the incident and the data involved is ongoing, “the hospital said in a statement.
“We will continue to work with law enforcement agencies to assist in their investigation, and we are working diligently, with the help of a cybersecurity firm, to assess what information may have been involved in the incident. If necessary, we will notify the individuals whose information may have been involved, in accordance with applicable laws and regulations, in due course. “
The attack on Barlow caused considerable outrage online considering the importance of the hospital during the COVID-19 pandemic. But dozens of hospitals continue to come forward to say they have been targeted by ransomware attacks.
Vice Society is far from the only ransomware group targeting hospitals and healthcare institutions.
The FBI issued an alert about Hive ransomware two weeks ago after the group brought down a hospital system in Ohio and West Virginia last month, noting that it typically corrupts backups as well.
So far, Hive has targeted at least 28 organizations, including Memorial Health System, which was targeted with ransomware on August 15.
Ransomware groups are also increasingly targeting hospitals because of the confidential information they carry, including social security numbers and other personal data. In recent months, several hospitals have had to send letters to patients admitting that sensitive data was accessed during the attacks.
Simon Jelley, CEO of Veritas Technologies, said that targeting healthcare organizations is “particularly despicable.”
“These criminals are literally putting people’s lives in danger for profit. The elderly, children and anyone else who requires medical attention will probably not be able to get it as quickly and effectively as they need. At the same time, the pirates Computer scientists hold hospital systems and data prisoner, “Jelley said.
“Not to mention, healthcare facilities are already struggling to keep up as COVID-19 cases rise once again in many parts of the country. Preventing ransomware attacks is a noble endeavor, but as the attack illustrates to Memorial Health System and as many others as In recent months, preparation to deal with the aftermath of a successful attack is more important than ever. “
Author: Jonathan Greig.