stock.adobe.com

FBI Probing 2 Hospital Ransomware Attacks; Hackers Remove Health Data

Previously leaked data from New Mexico’s Rehoboth McKinley Christian Health Care has been removed from the dark web, while the FBI is investigating the incident and another in North Carolina.

The FBI is currently investigating at least two separate ransomware incidents: one attack on Rehoboth McKinley Christian Health Care in New Mexico and another on Allergy Partners care sites in North Carolina. 

The hackers have also removed data they previously leaked from the New Mexico provider. Rehoboth McKinley Christian Health Care is a nonprofit hospital that serves the Navajo nation. COVID-19 has hit the community hard, making the data leak and EHR downtime all the more concerning.

As previously reported, Conti threat actors posted data they claim to have stolen from Rehoboth McKinley several days before officials reported network outages due to a cyberattack. An email sent to HealthITSecurity.com shows the FBI is currently investigating the ransomware attack and the subsequent data leak.

The leaked data included scanned patient IDS, driver’s licenses, bills of sale, and other sensitive information, such as prescriptions, full scans of patient treatments, diagnoses, and the like. An examination of the posting also revealed employee information.

Since the initial report, the hackers have removed the listing from the dark web. The cyberattack was confirmed by officials several days after the dark web posting went live.

As the FBI is continuing to investigate the incident, details on the recovery efforts have been scarce. So far, it appears the hospital was forced to take certain systems offline, while clinicians lost online access to patient records. Third-party investigators were also hired to determine the scope and extent of the event.

Meanwhile, the FBI has been brought in to investigate the attack on Allergy Partners, according to local news outlet ABC13 News. The hackers demanded a $1.75 million ransom to decrypt the files.

A notice on Allergy Partners’ website confirms the attack was launched on February 23 and lasted for eight days.

“Our IT team has been working tirelessly to restore systems safely and efficiently, and we have been servicing patients as normal at a majority of our locations since March 1st,” officials explained. “If we learn patient information was involved in this incident, we will notify those patients directly.”

The provider was forced to delay some appointments at two care sites. Allergy Partners hired an outside investigator to investigate the scope of the attack, which worked alongside the IT team to bring the systems back online.

There have been at least three hospitals to report ransomware-induced EHR downtime in the last month. Illinois-based St. Margaret's Health - Spring Valley has been recovering from an attack that also struck in late February. 

The hospital hired an outside security firm to determine the scope of the incident, including how the hackers were able to break into the network.

Cyberattacks on healthcare doubled in the last year, with 28 percent tied to ransomware. Given the frequency of these attacks on healthcare and the potential impact, providers struggling to keep pace with these threats should take advantage of the free resources recently provided by MITRE and the Center for Internet Security.

As reported by Universal Health Services, ransomware can have a staggering impact both financially and operationally. The September 2020 incident on 400 UHS care sites caused three weeks of EHR downtime and about $67 million in lost revenue and recovery efforts.

Next Steps

Dig Deeper on Cybersecurity strategies