Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase

Barlow Respiratory Hospital in California escaped the worst of a recent ransomware attack but still had patient data posted to a leak site.
Written by Jonathan Greig, Contributor

Ransomware groups have shown no signs of slowing down their assault on hospitals, seemingly ramping up attacks on healthcare institutions as dozens of countries deal with a new wave of COVID-19 infections thanks to the potent Delta variant. 

One of the newer ransomware groups, Vice Society, debuted in June and made a name for themselves by attacking multiple hospitals and leaking patient info. Cybersecurity researchers at Cisco Talos said Vice Society is known to be "quick to exploit new security vulnerabilities to help ransomware attacks" and frequently exploits Windows PrintNightmare vulnerabilities during attacks. 

"As with other threat actors operating in the big-game hunting space, Vice Society operates a data leak site, which they use to publish data exfiltrated from victims who do not choose to pay their extortion demands," Cisco Talos explained last month. 

Cybersecurity firm Dark Owl added that Vice Society is "assessed to be a possible spin-off of the Hello Kitty ransomware variant based on similarities in the techniques used for Linux system encryption."  


The Vice Society leak site. (Image: Cisco Talos)

Multiple hospitals -- Eskenazi Health, Waikato DHB and Centre Hospitalier D'Arles -- have been featured on the criminal group's leak site. The group made waves this week by posting the data of Barlow Respiratory Hospital in California.

The hospital was attacked on August 27 but managed to avoid the worst, noting in a statement that "no patients were at risk of harm" and "hospital operations continued without interruption."

Barlow Respiratory Hospital told ZDNet that law enforcement was immediately notified once the hospital noticed the ransomware impacting some of its IT systems. 

"Though we have taken extensive efforts to protect the privacy of our information, we learned that some data was removed from certain backup systems without authorization and has been published to a website where criminals post stolen data, also known as the 'dark web.' Our investigation into the incident and the data that was involved is ongoing," the hospital said in a statement. 

"We will continue to work with law enforcement to assist in their investigation, and we are working diligently, with the assistance of a cybersecurity firm, to assess what information may have been involved in the incident. If necessary, we will notify the individuals whose information may have been involved, in accordance with applicable laws and regulations, in due course." 

The attack on Barlow caused considerable outrage online considering the hospital's importance during the COVID-19 pandemic. But dozens of hospitals continue to come forward to say they have been hit with ransomware attacks. 

Vice Society is far from the only ransomware group targeting hospitals and healthcare institutions. 

The FBI released an alert about the Hive ransomware two weeks ago after the group took down a hospital system in Ohio and West Virginia last month, noting that they typically corrupt backups as well.

Hive has so far attacked at least 28 organizations, including Memorial Health System, which was hit with a ransomware attack on August 15.

Ransomware groups are also increasingly targeting hospitals because of the sensitive information they carry, including social security numbers and other personal data. Multiple hospitals in recent months have had to send letters out to patients admitting that sensitive data was accessed during attacks. 

Simon Jelley, general manager at Veritas Technologies, called targeting healthcare organizations "particularly despicable."

"These criminals are literally putting people's lives in danger to turn a profit. The elderly, children and any others who require medical attention likely will not be able to get it as quickly and efficiently as they may need. At the same time, the hackers hold hospital systems and data prisoner," Jelley said. 

"Not to mention that healthcare facilities are already struggling to keep up as COVID-19 cases surge once again in many places across the country. Preventing ransomware attacks is a noble effort, but as illustrated by the Memorial Health System attack and so many others like it in recent months, preparation for dealing with the aftermath of a successful attack is more important than ever."
