Ransomware Hits Medical - ThreatWire
Added 2020-10-06 17:58:48 +0000 UTCBy Shannon Morse, ThreatWire
Multiple medical services were hit with large cyberattacks taking down and disabling emergency services and hospital data last week. Universal Health Systems is a provider with over 400 locations in the US. It was hit with a cyberattack last weekend, on September 27, taking down their systems, and forcing locations offline. Hospitals had to file patient information on pen and paper while their IT staff disconnected all systems and shut down their networks to prevent further unauthorized access. While UHS did not specifically explain what kind of attack this was or what information was targeted, some media outlets reported it was a ransomware attack. During the downtime, UHS hospitals and clinics did have to turn some patients away, while emergencies were redirected to alternate hospitals.
As of 10/5, the network had been restored and applications were being reconnected on a rolling basis. No patient or employee data was accessed during the attack.
Another cyberattack hit another medical center in Ohio, the Ashtabula County Medical Center. This appears not to be related to the UHS attack, though this too appeared to be a ransomware attack. On Tuesday, the medical center made a statement saying a cyberattack forced their systems offline and forced the clinic to postpone elective procedures. The Emergency department and outpatient care continued as normal. Ashtabula reported that patient data was not compromised.
Lastly, last week, 14 US state police departments reported having 911 outages - this included Arizona, California, Colorado, Delaware, Florida, Illinois, Indiana, Minnesota, Nevada, North Carolina, North Dakota, Ohio, Pennsylvania, and Washington. Phone lines for 911 along with SMS services lost connectivity. While no jurisdiction reported that this incident was caused by a cyberattack, the timing is relevant, and this happened on the same day that UHS was hit. Some reports suspect that the 911 downtime could have been caused by an Office 365 infrastructure change by Microsoft that caused services like Office, Outlook, Teams and such to have connection issues, but it could’ve also been caused by the telephone system provider called PSAP, or Public Safety Answering Points. PSAP handles 911 calls for routing and interconnection before they’re transmitted to the correct call center. One of PSAPs VOIP services appeared to have issues that could have caused the downtime as well, but no confirmation was reported.
Given that ransomware is becoming so prevalent, these three reports, while not related, show how vulnerable medical infrastructure can be.
Support me on alternative platforms! https://snubsie.com/support
Shop ThreatWire Merch Directly! - https://snubsie.com/shop
Shop ThreatWire Merch on Teespring! - https://teespring.com/stores/shannons-store-24
Join now for access to extra perks and to support ThreatWire! https://www.patreon.com/threatwire
Watch this video on youtube: https://youtu.be/AdxgaV1SNZI
https://www.cnet.com/news/universal-health-services-slammed-by-massive-cyberattack/
https://www.uhsinc.com/statement-from-universal-health-services/
https://www.zdnet.com/article/uhs-hospital-network-hit-by-ransomware-attack/
https://www.cyberscoop.com/uhs-cybersecurity-health-care-incident/
https://www.cyberscoop.com/ohio-medical-hack-ransomware/
https://www.zdnet.com/article/911-services-down-in-multiple-us-states/
