Texas hospital becomes victim of Dharma ransomware

The spread of malware through Altus Baytown Hospital systems highlights the ongoing threat ransomware poses to healthcare.
Written by Charlie Osborne, Contributing Writer

The Altus Baytown Hospital (ABH) has revealed a ransomware outbreak which may have led to the leak of patient data.

In a statement on its website, the Texas-based hospital said that ABH discovered an unauthorized threat actor rifling through the organization's systems on or around September 3.

The "unauthorized party" deployed malicious code and infected the hospital's systems with a strain of ransomware.

The ransomware responsible for the infection is known as Dharma. As with most strains, the malware encrypted files and then demanded a ransom payment in return for restoring access.

Many of the hospital's records were encrypted in the attack, including files containing patient information such as names, home addresses, dates of birth, social security numbers, driver's license numbers, credit card information, phone numbers, and medical data.


If the malware's only purpose were to extort a payment, it would be unusual for the ransomware to exfiltrate information as well as encrypt it. However, because the threat actor was present on ABH servers and details remain thin on the ground, it is possible this data has made its way into the wrong hands.

ABH has not revealed how many patients may be affected.

"As a result of our investigation, ABH believes that the records were simply encrypted and there is currently no indication that the information itself has otherwise been accessed or used by any unauthorized individual," the organization says.

In addition to the hospital itself, affiliate parties including Altus Women's Center of Baytown, Oprex Surgery (Baytown), Clarus Imaging (Baytown), LP, Clarus Imaging (Beaumont), Zerenity Baytown, and Altus Radiation Oncology Baytown are involved in the incident as information from these entities was stored on the same systems.

After the ransomware executed, the hospital chose not to pay the ransom; instead, ABH brought in external cybersecurity help, which was able to decrypt backup files and restore ABH's servers.

Dharma was then eradicated from the compromised systems.


"We have been working with our IT consultants to review and analyze the security of our computer systems, and we have updated certain technical, administrative and physical safeguards to ensure the security and confidentiality of your data in the future," ABH added.

The patients potentially impacted by the security incident have been informed. As with all cases of data compromise, those involved should monitor their credit reports and watch for any suspicious activity or transactions that may be fraudulent.


Dharma, also known as CrySIS, has been making the rounds over the course of this year. According to security researchers from FortiGuard Labs, the strain has been used in recent attacks against a brewery and maritime ports, and new loaders and file systems have been found in recent, upgraded variants.
