Over 100 Nursing Homes Are Latest Victims of Ransomware Attacks in Healthcare

Ransomware attacks in healthcare have crippled the IT realm of about 100 nursing homes throughout the U.S., according to KrebsOnSecurity.com.

Virtual Care Provider Inc. (VCPI), based in Milwaukee, Wisc., provides technology services to about 100 acute-care facilities and nursing homes across the country. Some of VCPI’s customers report inability to access patient records, access the internet, pay their employees, or order medications.

According to the Milwaukee Journal Sentinel, Russian hackers are behind the data breach that began Nov. 17. The Sentinel spoke with Hold Security’s Alex Holden, who said a highly skilled group of Russian hackers has committed multiple data breaches. The hackers apparently took over VCPI’s computer system over the course of 14 months by sending employees phishing emails that once clicked on, allowed hackers to infiltrate the company’s network and spread throughout it.

The hackers basically knocked on virtual doors, and broke down the easiest ones. Holden said the hackers disabled antivirus software, eventually pushing themselves into administrators’ accounts.

According to cybersecurity blogger Brian Krebs of Krebs on Security, the hackers went into “God mode” upon accessing administrator’s accounts because the hackers could delete or lock anything they wanted.

The data is now locked away until VCPI pays a $14 million ransom in Bitcoin. Holden said the hackers made a big mistake because VCPI controls an 80,000-computer network, which gave hackers the impression the company was rolling in cash. However, the company is a relatively small company that does not have millions of dollars sitting around, said Holden.

Even if VCPI paid the ransom, there’s no guarantee the hackers would honor their word and unlock the company’s data. In fact, the Federal Bureau of Investigation (FBI) doesn’t advise paying the ransom in a ransomware attack because there’s no guarantee the paying organization will receive a decryption key upon paying the money.

VCPI itself is not a healthcare provider, but is a healthcare IT company that prides itself on its “complete management control of all your critical information” and “security is tight, really tight!” The company’s website says, “In the event of an emergency, all data is secure, with specific plans in place to manage a disaster.”

Ryuk Ransomware Attacks in Healthcare

VCPI’s data breach was caused by a ransomware strain called Ryuk, which most often is used to cripple businesses that supply IT services to other companies. Hospitals and other health care agencies are increasingly being victims of ransomware attacks.

Karen Christianson, VCPI’s chief executive and owner, told KrebsOnSecurity that Ryuk has affected everything from access to patient records to their own payroll operations. She said the number one priority is to restore functionality to the electronic medical records. She said life-threatening situations take precedence over payroll.

She also explained that one assisted living residence needs to submit billing to Medicaid by Dec. 5 or the place will go out of business. Seniors with no family to turn to will have nowhere to go, she fears.

Krebs said, “The ongoing incident at VCPI is just the latest in a string of ransomware attacks against health organizations, which typically operate on razor thin profit margins and have comparatively little funds to invest in maintaining and securing their IT systems.”

Ransomware attacks in healthcare can cause delays in crucial treatments, potential risk of identity theft, and even complete hospital or care facility closures. Patients who have been in facilities affected by a ransomware attack may qualify to participate in a healthcare ransomware attack class action lawsuit investigation.

Join a Free Hospital Ransomware Attack Class Action Lawsuit Investigation

If you were a patient at a hospital or healthcare facility affected by a ransomware attack that impacted your medical care, you may qualify to join a hospital ransomware attack class action lawsuit investigation.

Learn More

This article is not legal advice. It is presented
for informational purposes only.