Hospital Hit With Cyber Attack; New Ransomware Appears

March 31, 2016

Hospital Hit With Cyber Attack; New Ransomware Appears

By Chris Brunau

Yet another medical facility has been hit with a suspected ransomware attack. The latest victim is MedStar Health, a healthcare provider in the Maryland and Washington, D.C. area.

While it hasn’t been confirmed if the virus was ransomware, it seems likely it was the culprit. According to a statement on MedStar’s Facebook page, they were hit with a virus early Monday morning. “MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization. We are working with our IT and cyber-security partners to fully assess and address the situation. Currently, all of our clinical facilities remain open and functioning. We have no evidence that information has been compromised. The organization has moved to back up systems [and] paper transactions where necessary.”

While the facility says they are open information wasn’t compromised, according to the Washington Post, they had to turn patients away. A patient originally scheduled for a Monday appointment was rescheduled to Tuesday, which was cancelled as well. As of today, systems reportedly remain down and patients are still being turned away.

This is the latest in an alarming trend of hospitals hit with cybersecurity attacks. Just last week we saw an attack on Methodist Hospital, which sent them into an “internal state of emergency”. In February, an attack at Hollywood Presbyterian was even more damaging, forcing the hospital to pay a ransom of $17,000 to regain access to their files.

Hospitals are ideal targets, as we highlighted in a recent blog post. According to Jerome Segura of Malwarebytes Labs, hospitals are ideal targets for these attacks because “Their systems are out of date, they have a lot of confidential information and patient files. If those get locked up, they can’t just ignore it.”

New Ransomware Strain

Unfortunately, there’s more bad news on the ransomware front. According to Trend Micro, Petya is the latest form of ransomware to pop up.

Petya overwrites the master boot record, leaving their operating system in an unbootable state. The virus is delivered via email, designed to look like an applicant seeking a job. The email contains a hyperlink to Dropbox to download a resume.

The current going rate for Petya’s ransom is .99 Bitcoins or roughly $431. According to PC World, the attacks are currently targeting companies in Germany, but could soon grow to a global scale.

Of course, there are some steps you can take to prevent compromising your data. With a business continuity and disaster recovery (BCDR) solution, you can restore critical data to a point in time before the corruption occurred and avoid paying a ransom. In addition, iDigitalTimes has provided some steps to remove Petya from your computer.

As always, taking the proper precautions is the best way to protect yourself from any form of ransomware. In the event you’re attacked, the best way to avoid paying a ransom is to have a proper business continuity and disaster recovery (BCDR) solution featuring up-to-date backups. This will allow you to restore your data to a point in time before the infection, and retain your precious data. To learn more about all things ransomware, including the common types, how it is spread and how to prevent it, download our eBook: The Business Guide To Ransomware.

Relevant Articles

Subscribe to the Blog