Monthlong Cyberattack Disrupts Operations at UKentucky Health

The University of Kentucky and its health system have been working to remove cryptocurrency malware from their systems; another cyberattack, phishing attacks, and ransomware complete this week’s breach roundup.

The University of Kentucky (UK) and UK Healthcare have been working to remove cryptocurrency malware from their network after a February cyberattack. The malware caused significant network issues and daily disruptions to operations, according to local news outlet Lexington Herald Leader.

Cryptocurrency malware was a top threat in 2018 healthcare security incidents, while Microsoft warned of new variants in November. The tech giant also warned its reported remote desktop protocol flaw known as BlueKeep would be targeted with these types of attacks.

Hackers first installed the malware on the university’s system in early February, causing temporary system failures, especially with UK Healthcare. The health system consists of UK Albert B. Chandler Hospital and Good Samaritan Hospital, serving about 2 million patients in the Lexington area.

Patient safety and care were not impacted by the attack. On Sunday, officials said they believe the issue was remediated after a massive system reboot that lasted for three hours. It appears the malware has been removed, but officials will continue to monitor the network to ensure access from outside attacks has been blocked.

According to officials, it appears the attack originated from outside the US. The university engaged a third-party forensics team to assist with an investigation of the incident to determine if any sensitive information was accessed or downloaded.

At the moment, it appears the hackers were just seeking to mine cryptocurrency and steal the system’s processing capabilities. The university has since installed new security software and has spent more than $1.5 million removing the hackers and virus from its network and improving its security posture.

Arkansas Children’s Hospital Cyberattack

Arkansas Children’s Hospital in Little Rock also rebooted its system this week after a cyberattack. However, the incident is not impacting patient services, and the provider is operating as usual, according to local news outlet Arkansas Democrat Gazette.

The attack impacted the provider as a system and included system disruptions at Arkansas Children’s Northwest in Springdale. Some appointments and procedures may be delayed until the security incident is resolved. But the health system is relying on its downtime protocols and practices to ensure patient safety.

The provider is working with an outside digital forensics firm and the FBI, as it works to recover and investigate the incident. Currently, there’s no timeline for how long recovery will last. The report did not detail the precise threat impacting the system.

Massive Phishing Campaign at Munson Healthcare

Michigan-based Munson Healthcare is notifying patients that their patient data was compromised after a massive phishing campaign on the health system.

Dozens of employees fell victim to a targeted phishing attack that ran for months, between July 31 and October 22, 2019. The notice did not outline when the attack was first discovered, but on January 16, 2020, the investigation determined the impacted accounts contained patient data.

Officials performed a manual document review with outside cybersecurity experts and determined a wide range of patient information was affected during the incident, including names, dates of birth, insurance details, treatment information, and diagnostic details.

For some patients, financial data, Social Security numbers, and driver’s license numbers were compromised during the attack; those patients will receive a year of free credit monitoring. Not all Munson Healthcare patients were affected.

“Munson regularly trains and educates all employees on cyber security awareness and risks, and we use a 24/7 staffed cybersecurity response team in partnership with other Michigan hospitals to detect and respond to suspicious incidents as they happen,” Lucas Otten, Munson Healthcare system director of information security, said in a statement.

“As cybersecurity threats continue to evolve, we will continue evolving our defenses to match and will implement additional technical safeguards to prevent the recurrence of similar incidents,” he added.

Ransomware Attack Forces Computer Shutdown at Jordan Health

Rochester, New York-based Jordan Health was hit with a ransomware attack on February 26, which forced the provider to shut down its computer systems, servers, and all devices on the network, according to local news outlet Rochester First.

The attack was first detected on its servers at night, prompting officials to preemptively go dark in an attempt to stop the attack from spreading. Its emergency team activated its recovery plan, while working with the FBI and others to restore the network.

Shortly after the incident, hackers sent the provider a ransom note. Officials did not respond nor do they plan to, as they “serve some of the poorest of Rochester’s community. We serve the under-served, we work on a shoe-string budget, and why anyone would think that we would be in a position to pay a ransom is beyond me. And the impact it could have on our patients if we were not ready could be disturbing.”

Currently, it appears patient data was not impacted as it was stored in a separate, encrypted server that was not part of the initial attack. Officials worked under downtime procedures during recovery, including manual operations and relying on paper records instead of its EHR.

81K Patients Impacted by Tennessee Orthopaedic Phishing Attack

Tennessee Orthopaedic Alliance is notifying more than 81,000 patients that their data was potentially compromised after a hack on two employee email accounts.

On October 18, unusual activity was detected in its email environment. Officials said they soon determined a hacker potentially gained access to an employee’s email account. The account was then secured, and an investigation was launched with assistance from an outside digital forensics firm.

They determined two employee email accounts were accessed for nearly two months between August 16 and October 14, 2019. The notification did not outline when the attack was first discovered, but the investigation determined in January that patient data was compromised during the attack.

The affected data varied by patient and could include names, dates of birth, contact details, Social Security numbers, health insurance information, treatment and diagnostic information (including codes), and treatment cost information. The incident only impacted the email system.

Monthlong Email Hack Impacts 45K Jefferson Dental Patients

The email account of a Dallas-based Jefferson Dental Care Healthcare Management employee was hacked for about a month in the summer of 2019, which potentially breached the data of 45,748 patients.

Suspicious activity was discovered in the impacted account in October 2019. An investigation determined an unauthorized party had access to the account between July 21 and August 26, 2019. In December, the investigation determined the account contained patient health data.

The compromised data included names, patient numbers, medical record numbers, treatment data, contact details, dates of birth, payment data, medical histories, and health insurance information. All patients will receive free credit monitoring and identity protection services.

According to its notice, Jefferson is working to improve its security policies and procedures and will implement changes where necessary.
