Filed under reprehensible, The Record reported on a ransomware attack on a children's hospital discovered on Jan. 31, causing disruptions to pediatric patient care including longer wait times and cancelled appointments. The attackers demanded $3.4 million to decrypt the hospital's systems. “The Rhysida ransomware-as-a-service group—which emerged in May last year, and has previously disrupted 16 hospitals across the U.S.—has now listed Lurie on its darknet extortion site,” said Alexander Martin in the report.
The large pediatric hospital has remained open, though some appointments and elective procedures were canceled. Due to the switch back to manual processes, patients have experienced longer wait times and parents have been advised to bring their children’s medication bottles or printed prescription lists with them. Certain key systems were restored as reported by NBC News on Mar. 4, but patient portal MyChart remains offline.
Meanwhile, there may have been a development in the ongoing ransomware attack at Change Healthcare, which has impacted pharmacies (including those located within hospitals). Wired reported that the hackers behind the Change attack received a payment of approximately $22 million. “The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom,” reported Andy Greenberg. Change Healthcare’s spokesperson declined to comment.
A large payment does not bode well for the healthcare industry at large. Brett Callow, a researcher focused on ransomware, noted in the Wired coverage, “If Change did pay, it’s problematic. … It highlights the profitability of attacks on the health care sector. Ransomware gangs are nothing if not predictable: If they find a particular sector to be lucrative, they'll attack it over and over again, rinse and repeat."
Related Reading: Cybersecurity Risk 101: The Difference Between IT and OT Attacks
