February 12, 2022: Overly Delayed Disclosure of Ransomware Attack at Australian Clinical Labs
On October 31, Australian Clinical Labs (ACL) disclosed a February 2022 data breach that impacted its Medlab Pathology business. The breach exposed the medical records and other sensitive information of 223,000 people.
Quantum ransomware gang took responsibility for the attack. 86GB stolen files were uploaded on its Tor site on June 14, 2022. Leaked data included patient and employee details, financial reports, invoices, contracts, forms, subpoenas, and other private documents. According to Quantum ransomware’s website, the data leak page for MedLab has been accessed 130,000 times.
October 31, 2021: Lockbit Ransomware Gang Say Japan Hospital Paid $30K Ransom
Russian hackers claim a Japanese hospital paid $30,000 to regain access to electronic medical records. The records were encrypted in a ransomware attack last October, causing major disruption to the medical institution's operations.
At the time of the Oct. 31 attack, Handa Hospital refused to pay the ransom. The hospital said it will build a new electronic medical record system at a cost of 200 million yen.
The town of Tsurugi, which runs the targeted Hospital, has denied paying ransom money. Experts suspect that an IT firm involved in attempts to restore access to the records secretly reached a deal with the hackers.
Japanese police have been urging those targeted in ransomware attacks to not pay money demanded of them.
October 12, 2022: Australian Health Insurance Firm Medibank Hit by Ransomware Attack
Major Australian health insurance provider Medibank Private Limited disclosed being hit by a ransomware attack on October 12. The attack resulted in a temporary service outage, which has since been resolved. The company claim that no systems were encrypted during the attack.
UPDATE October 26: Medibank says all customers' personal data compromised by cyber attack. The hack impacts about 4 million current customers along with an unknown number of former customers too.
October 3, 2022: CommonSpirit, a Large US Hospital Chain, Patient Care Impacted by Ransomware Attack.
One of the largest hospital chains in the U.S. was hit with a suspected ransomware attack this week. The attack lead to delayed surgeries, hold ups in patient care and rescheduled doctor appointments across the country. Multiple hospitals were affected, including CHI Memorial Hospital in Tennessee, some St. Luke’s hospitals in Texas, and Virginia Mason Franciscan Health in Seattle.
September 10, 2020: Patient Dies After Hackers Hit ‘Wrong’ Hospital in Germany
University Hospital Düsseldorf (UKD) in Germany suffered a cyberattack. Through an unpatched vulnerability, hackers penetrated the hospital’s network with ransomware, forcing planned and outpatient treatments and emergency care to have to occur elsewhere. A patient died after being forced to go to another hospital.
The ransom notes left on the hospital's encrypted servers were incorrectly addressed to Heinrich Heine University, rather than the hospital itself. After the police contacted the threat actors and explained that they encrypted a hospital, the ransomware operators withdrew the ransom demand and provided a decryption key.
September 1, 2020: Ryuk Ransomware Attack Reported Cost Universal Health Services (UHS) an Estimated $67 Million
Universal Health Services (UHS), one of the largest healthcare services provider shut down systems at healthcare facilities around the U.S. after a cyberattack hit its networks. UHS managed to restore most affected systems and hospital operations systems during late-October. UHS said that the Ryuk ransomware attack had an estimated impact of $67 million. In October 2020, the U.S. government warned of Ryuk ransomware attacks against healthcare industry organizations including hospitals and healthcare providers.
The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries. CHSF serves an area of 600,000 inhabitants, so any disruption in its operations can endanger the health, and even lives, of people in a medical emergency. "This attack on the computer network makes the hospital's business software, the storage systems (in particular medical imaging), and the information system relating to patient admissions inaccessible for the time being," explains CHSF's announcement (translated).
French cybersecurity journalist Valéry Riess-Marchive identified signs of a LockBit 3.0 infection. If LockBit 3.0 is responsible for the attack on CHSF, it will violate the RaaS program's rules, which prohibit affiliates from encrypting systems of healthcare providers.
New York billing company Practice Resources, LLC (PRL) disclosed a ransomware attack that impacted 942,000 individuals and 26 healthcare organizations. PRL began notifying 942,138 individuals of a ransomware attack that impacted 26 of its healthcare organization clients.
According to a notice posted on the California Attorney General’s Office website, PRL suffered a ransomware attack on April 12, 2022. PRL immediately took steps to secure its systems and gained assistance from third-party experts.The information involved in the attack potentially included names, addresses, health plan numbers, dates of treatment, and medical record numbers.
South Denver Cardiology Associates (SDCA) announced it was the victim of a cyberattack in January 2022. Files containing protected healthcare information of thousands of thousands of heart patients were accessed and potentially stolen by hackers. Unusual network activity was detected on January 4, 2022, and the SDCA breach response process was immediately initiated. Systems were isolated from the network and shut down. The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 287,652 individuals.
August 4, 2022: NHS 111 Emergency Line Hit by Cyberattack
A cyberattack at UK company Advanced causing a software outage affected NHS 111 digital services. The attack targeted Adastra clinical patient management software. Adastra is used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings and emergency prescriptions. Advanced has indicated the issue might not be fully resolved until next week. According to NHS England, 111 services are still available. However, the Welsh Ambulance Service has warned that 111 calls may take longer to answer. In addition, NHS England warned that GPs could see an increase in the number of patients.