Posted on September 12, 2021 at 6:00 PM
Healthcare Organizations Attacked by Ransomware Groups amidst Increased Covid Infection Cases
With the increase in COVID-19 infections, hackers have taken advantage of the situation to hack into systems of healthcare organizations. They steal their confidential information and threaten to expose them unless they respond to their ransom demands.
Among the healthcare organizations that have been victims of ransomware is the renowned Barlow Respiratory Hospital in California. Although the hospital could save itself from the most severe attacks, some of its patient data was leaked.
There has been no relaxation for these ransomware groups, especially when hospitals are concerned. In fact, they have been adding to their attacks since the pandemic, targeting institutions that deliver healthcare. The ransomware groups have only strengthened their attacks with the increased threat of the virus and its subsequent evolutions to different variants.
Increased Hacks on Hospitals
Several hospitals have been attacked so far, including but not limited to the Eskenazi Health, Waikato DHB, and the renowned Center Hospitalier D’Arles. These hospitals were cited on the leak site operated by the ransomware group. The criminal group has also been associated with the recent post about the California-based Barlow Respiratory Hospital, which recently leaked data.
In the case of Barlow Respiratory Hospital attacked on 27th August 2021, the authorities were notified right after the ransomware was noticed on their information technology systems. Thanks to the timely response, the hospital was able to save itself from a worse outcome. With no patients affected, the operations of the healthcare institution went on without interruption.
Moving forward, the hospital has put efforts to protect themselves and their patients against similar attacks. The management realized that data was extracted from a few of their backup systems through their IT team. With this discovery, the hospital also found out that the same information was spotted on the dark web, which criminals used to post illegally acquired information.
Moving forward, Barlow Respiratory Hospital has committed to working hand in hand with the concerned law enforcement agencies for purposes of enabling the investigation. Cybersecurity agencies have also been brought in as a security enhancement precaution. The hospital has also expressed intentions to inform the individuals whose confidential data may have been accessed in an ethical move.
Social media platforms came forward in masses to stand with and show support for the hospital. The outrage is inspired by the pandemic’s effect on everyone and that it has become a rather emotional or personal issue for the affected and the unaffected. There have also been cases of hospitals coming forward to report a ransomware attack, an outcome probably inspired by social media support.
There are many other ransomware attackers out there, not just the notorious Vice Society. Some of the ones reported by the FBI include the Hive Ransomware group, which had a case late last month for taking down hospital systems in both Ohio and West Virginia. Their signature move was to corrupt the backups of these hospitals completely, leaving them crippled and not knowing where or how to move forward in terms of patient records.
Hive has been associated with almost 30 institutions. These criminal groups’ preference for hospitals is fueled by the fact that healthcare facilities have a lot of sensitive data like social security numbers of individual patients and hospital staff, among other personal data.
Ransomware groups
While there have been many groups coming forward to demand ransom, among the ones that have stood out the most is the Vice Society. This group was first cited in June and has since grown its popularity by targeting several hospital facilities to leak confidential patient data.
According to cyber researchers from the renowned Cisco Talos, Vice Society has earned a reputation as a group with an unmatched ability to take advantage of fresh security vulnerabilities and exploit these loopholes in executing their ransomware attacks. Cisco Talos also highlighted that Vice Society was more prone to capitalize on the vulnerabilities presented by Windows PrintNightmare.
Like other ransomware attackers targeting healthcare organizations, Vice Society ran a site purposely for leaking data. It used to expose information about people who had not complied with their ransom demands. By hacking into the systems of these institutions, the threat actors extorted them and followed through with their threats if they failed to pay up.
Yet another Cybersecurity group called Dark Owl proposed that Vice Society was an imitation of the famous Hello Kitty. Hello Kitty is a ransomware group that operates almost the same way how Linux System was encrypted. A citing of the Hello Kitty happened when they were associated with a ransomware attack against the Swiss city of Rolle some time back.