A ransomware gang called Vice Society claims it grabbed confidential data such as patient benefits, financial documents and lab results.
Another health care provider has apparently been the victim of a ransomware attack that exposed private patient information and other sensitive data. A ransomware group known as Vice Society has claimed responsibility for an August attack against United Health Centers that allegedly impacted all of its locations. The incident reportedly led to the theft of patient data and forced the organization to shut down its entire network, BleepingComputer reported on Friday.
BleepingComputer said that it was informed of the attack on Aug. 31 by a source in the cybersecurity industry. This source revealed that the outage disrupted UHC’s IT system at all locations, prompting the organization to re-image its computers and recover data from offline back-ups.
Located in California, United Health Centers is a health care provider with more than 20 centers in such cities as Fresno, Parlier, Sanger and Selma. BleepingComputer said that it reached out to UHC multiple times for comment on the reported attack, but the organization has so far not responded to any queries. TechRepublic also contacted UHC for comment.
Some ransomware gangs had promised not to hit hospitals and health care organizations during the coronavirus pandemic, but such organizations continue to be a tempting target. With sensitive patient data, medical records, lab tests and other vital information, health care facilities are often more likely to simply pay the ransom rather than risk exposure.
“While focusing on patient care, healthcare organizations struggle to secure their patient data, as there is a constant stream of attacks against them,” said James McQuiggan, security awareness advocate for KnowBe4. “Most of them are profit-generating organizations and are willing to pay up, which is why we see cybercriminals continue to target them. Not only do cybercriminals damage the infrastructure, but the attack can damage the reputation of the organization, and patients may be wary of providing sensitive data to them in fear of it being stolen.”
Vice Society is new to the ransomware world, having surfaced just this past June. The group seems to favor the healthcare industry as 20% of the victims listed on its data leak site are healthcare companies, according to BleepingComputer.
And though a few older ransomware groups may still avoid attacking hospitals, Vice Society apparently has no such restrictions. When asked by BleepingComputer why it targets healthcare organizations, the group responded with the following message:
“They always keep our private data open. You, me and anyone else go to hospitals, give them our passports, share our health problems etc. and they don’t even try to protect our data. They have billions of government money. Do they steal that money?
USA president gave big amount to protect government networks and where is their protection? Where is our protection?
If IT department don’t want to do their job we will do ours and we don’t care if it hospital or university.”
With patient data and other sensitive information at risk, how can hospitals and healthcare organizations better combat ransomware attacks?
“Healthcare organizations need to invest in their employees’ education on social engineering attacks to help them spot phishing emails and reduce the risk of attacks by cyber criminals via the human element,” McQuiggan said. “Critical systems such as patient data need fortifying with multi-factor authentication to reduce the risk of unauthorized access by cyber criminals if they are able to get inside the network.”
Tim Erlin, VP of strategy for Tripwire, offered additional recommendations.
“Ensuring that you have working backups is fast becoming an insufficient strategy for dealing with ransomware,” Erlin said. “Criminals are adapting to an environment in which organizations are better prepared for ransomware by copying data in addition to encrypting it. With copied and encrypted data, they’re not only ransoming the access to your systems, but you’re also paying them not to release the sensitive data they have. This cyber-blackmail approach means that simply having backups isn’t enough to avoid the potential damage.”
The goal is to focus not just on responding to ransomware attacks but on preventing them, Erlin added. Implementing security best practices does lower the odds of a successful attack. This means making sure that you securely configure your systems, patch vulnerabilities and prevent phishing attacks.