Breach Notification , Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime
2 Healthcare Systems Recovering From Cyberattacks
Sanford Health, Eskenazi Health Experience Disruptions in ServicesTwo more healthcare systems are recovering from cyberattacks - both apparently involving ransomware - that are causing disruptions in service.
See Also: Critical Condition: How Qilin Ransomware Endangers Healthcare
On Thursday, Sioux Falls, South Dakota-based Sanford Health and Indianapolis, Indiana-based Eskenazi Health were both still recovering from cyberattacks - both apparently involving ransomware - they each detected earlier this week.
Sanford Health Incident
Sanford Health's IT information staff was alerted Tuesday evening that its network was experiencing "a hacking disruption," local media outlet Argus Leader reports.
Sanford Health includes 46 hospitals, 1,525 physicians and more than 200 senior care locations in 26 states and 10 countries, according to its website.
"Sanford Health has experienced an attempted cybersecurity incident, and we are taking aggressive measures to contain the impact," Sanford Health's CEO Bill Gassen says in a statement provided to Information Security Media Group.
"Providing patients with exceptional care is our top priority and we are doing everything possible to minimize disruption," Gassen said. "At this time, no known patient, resident or employee personal or financial information has been compromised. We have engaged leading IT security experts to assist in the response and have notified and will be working closely with federal authorities."
Sanford Health did not immediately respond to ISMG's request for additional details about the incident, including whether ransomware was involved. But the security firm Emsisoft reports the organization was apparently a ransomware victim.
Eskenazi Health Incident
Meanwhile, Indianapolis-based Eskenazi Health began diverting ambulances to other facilities early Wednesday morning after the discovery of an "attempted" ransomware attack, reports local news site Indy Star.
The hospital reportedly shut down its network, including email, electronic medical records, and its website out of "an abundance of caution," Eskenazi Health told the Indy Star.
As of Thursday morning, Eskenazi Health's website still appeared to be offline.
Eskenazi Health, which operates a public healthcare system in Marion County, Indiana, includes a 315-bed medical center.
An Eskenazi Health spokesman on Thursday confirmed to ISMG that the "attempted attack" involved ransomware.
"We brought the system offline to remediate the attack. Our monitoring systems functioned as they should, and out of an abundance of caution, and to maintain the safety and integrity of our patient care, we have proactively shut down our network. Our current monitoring indicates that no patient or employee data has been compromised. We are working system by system with a high level of due diligence to analyze all systems before bringing them back online."
Sector Being Targeted
"Attacks on healthcare and other critical infrastructure sectors will continue despite the 'commitment’ made by certain threat groups" not to carry out such assaults, says Brett Callow, threat analyst at security firm Emsisoft.
Sanford Health is at least the 36th US health provider/health system to be hit by ransomware so far this year, and 18 have had data, including PHI, stolen and released online. https://t.co/lGXcKBGexB
— Brett Callow (@BrettCallow) August 4, 2021
"Ransomware is far too profitable to simply go away. Realistically, the only way we’ll make a dent in the problem is via a raft of policy measures designed to help organizations bolster their security, increase cybercriminals' risk and decrease their ROI," he says.
"While government is certainly taking steps in the right direction, it will take time for the measures being implemented to have any significant impact."
In tweets posted Wednesday, Callow asserts that Sanford Health and Eskenazi Health are among at least three dozen U.S. healthcare delivery systems to be hit by ransomware so far this year.
Of those, 18 have had data, including protected health information, stolen and released online, he adds.
Scripps Health and UF Health Central Florida are also among healthcare organizations experiencing recent cyber incidents, including ransomware.