Ransomware attacks in healthcare occur more frequently than one would think. The healthcare industry holds a wealth of sensitive information that hackers exploit for money. 2019’s top 10 ransomware attacks in healthcare are discussed below.
- The Cancer Center of Hawaii on Oahu
- Great Plains Health
- Virtual Care Provider
- Ferguson Medical Group
- Monterey Health Center
- DCH Health System Hospitals
- Wood Ranch Medical
- CHI Health Lakeside Hospital
- Campbell County Health
- Premier Family Medicine
Ransomware Attacks in Healthcare: The Cancer Center of Hawaii on Oahu
November 5, 2019, the Cancer Center fell victim to a ransomware attack, forcing the treatment center to shut down their network servers. As a result, the center had to delay radiation therapy treatments for their patients. They have since recovered their data and resumed patient treatment. A forensic investigation occurred, although access to patient data by hackers cannot be ruled out.
Ransomware Attacks in Healthcare: Great Plains Health
November 25, 2019, the Nebraska based covered entity suffered a ransomware attack that caused their patient files to be maliciously encrypted. Without access to their patient’s medical records, the healthcare provider was forced to cancel all non-emergency patient appointments. Not only did the Hospital lose access to medical records, the hackers also disabled their phone and email systems. Great Plains believes that patient information was not compromised in the attack and that hackers accessed the Hospital network to extort money, however, investigations are still underway.
Ransomware Attacks in Healthcare: Virtual Care Provider
November 17, 2019, Virtual Care Provider was the victim of a ransomware attack that affected 110 of their nursing home and acute care facilities. The ransomware attack affected the healthcare provider’s data storage and internet security services. This debilitating attack left Virtual Care Provider without access to the internet and patient records, and the inability to order medication and pay employees. The hackers demanded $14 million in Bitcoin for the return of data access. It is unclear what the long term implications of the incident as investigations and efforts to rebuild the facilities data are underway.
Ransomware Attacks in Healthcare: Ferguson Medical Group
September 21, 2019, Ferguson Medical Group experienced a ransomware attack that left their patient medical records encrypted. The Group decided not to pay the ransom, and although they were able to restore some records, others were permanently lost. Any patient that received care from September 20, 2018 to December 31, 2018 lost their medical records. It is unclear whether or not hackers viewed the protected health information (PHI) before malicious encrypting the data.
Ransomware Attacks in Healthcare: Monterey Health Center
August 12, 2019, Monterey Health Center suffered a ransomware attack that encrypted their electronic medical records (EHR) system. Through the help of a third-party firm, they were able to restore patient data. However, it is unclear whether or not they paid the ransom, or if data was restored from offsite backups.
Ransomware Attacks in Healthcare: DCH Health System Hospitals
October 1, 2019, DCH Health Systems Hospitals was the victim of a ransomware attack affecting all three of its Alabama hospitals. The attack prevented the hospitals from accessing their computer systems. To restore data, DCH used some backup files, but also paid hackers for the decryption key.
Ransomware Attacks in Healthcare: Wood Ranch Medical
August 10, 2019, Wood Ranch Medical experienced a ransomware attack that forced them to close permanently. Hackers encrypted their medical records, and irreparably damaged computer systems. Although the practice had backed up their files, they could not restore data as the backups were also encrypted.
Ransomware Attacks in Healthcare: CHI Health Lakeside Hospital
August 1, 2019, CHI Health fell victim to a ransomware attack that encrypted an old EHR database. The records that were affected were for patients that had been seen before April 2016. Compromised information included patient names, phone numbers, addresses, dates of birth, diagnosis and treatment information, and Social Security numbers.
Ransomware Attacks in Healthcare: Campbell County Health
September 20, 2019, Campbell County Health experienced a ransomware attack causing significant disruption to medical services. All of its systems were affected by the attack, causing them to redirect patients to other facilities.
Ransomware Attacks in Healthcare: Premier Family Medicine
July 8, 2019, Premier Family Medicine discovered a ransomware attack on their IT systems. Investigations found that there was no evidence that data was accessed or stolen as a result of the incident.