Ransomware Attacks on Healthcare Providers:
As nationwide cases of COVID-19 continue to surge, hackers mercilessly double down on their extortion attempts on U.S. healthcare organizations. On October 28, the FBI and two federal agencies shared a notice of “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” Despite being faced with a global pandemic, hospitals are regrettably expected to face more data breaches and disruption to healthcare services from this looming Ryuk ransomware threat, potentially at a magnitude never seen before.
As a cybersecurity firm with many healthcare clients and deep industry experience, we have compiled an ongoing list of publicized 2020 attacks on U.S. healthcare providers as an awareness resource for the healthcare community. We will continue to update this page as we become aware of additional reported attacks.
Reported Ransomware Attacks on Healthcare Providers:
Organization: Dickinson County Healthcare System, Michigan
Date of Attack: 10.17.2020
Details: This ransomware attack disrupted all computers at all DCHS hospitals and clinics. DCHS operated under previously established contingency procedures to continue providing patient care during the recovery process.
Organization: Sonoma Valley Hospital, California
Date of Attack: 10.11.2020
Details: A cybersecurity incident at Sonoma Valley Hospital that took its computer systems offline is being investigated as a possible ransomware attack. Business continuity planning has enabled the hospital to continue providing care while electronic health records are down. The patient portal is still operational, but new results have not been shared since the breach occurred (as of 10.29.2020).
Organization: Universal Health Services
Date of Attack: 09.27.2020
Details: UHS, one of the largest US health systems, confirmed a Ryuk ransomware attack affecting all of its US care sites and hospitals. Major information systems, including electronic medical records, were not impacted, but major outages to computer systems, phones, internet, and data centers were reported. All systems were back online after three weeks of recovery efforts.
Organization: University of Florida Health, Florida
Date of Attack: 07.16.2020
Details: Blackbaud, a vendor of UF Health that provides software tools and management resources, discovered that cybercriminals had been in its systems for several months, leaking various customer data. After the ransom demands were met, the attackers provided assurance that the leaked data was destroyed.
Organization: Care New England, Rhode Island
Date of Attack: 06.16.2020
Details: While Care New England was forced to delay minor procedures and go to “paper and pencil” for some functions, including electronic health records (EHR) and payroll, there was no indication of compromised patient data due to the attack. The website and computer systems were back to normal within a week.
Organization: Crozer-Keystone Health System, Pennsylvania
Date of Attack: 06.22.2020
Details: Hackers behind the NetWalker ransomware, which has aggressively targeted health care providers during the COVID-19 pandemic, claimed the attack on Crozer-Keystone. The group alleges that Crozer-Keystone declined to pay the requested Bitcoin ransom.
Organization: BJC HealthCare, Missouri
Date of Attack: 05.05.2020
Details: BJC health system noticed unauthorized activity on several staff email accounts the same day the attack occurred, but that didn’t stop hackers from gaining access to the data of 288,000 patients. The breach impacted 19 BJC and affiliated hospitals.
Organization: Parkview Medical Center, Colorado
Date of Attack: 04.21.2020
Details: A ransomware attack that caused IT network outages forced the hospital to rely on paper records to continue patient care during the recovery period. Fortunately, Parkview Medical Center had prepared for such a situation, and the team worked around the clock to keep providing care during the pandemic.
Organization: Florida Orthopaedic Institute, Florida
Date of Attack: 04.09.2020
Details: Ransomware encrypted data on FOI servers, and the incident may have exposed personal information of certain patients. As organizations tend to do following this kind of incident, FOI offered complimentary credit monitoring services to impacted patients as a safeguard.
Organization: Rangely District Hospital, Colorado
Date of Attack: 04.02.2020
Details: A ransomware attack on Rangely District Hospital resulted in the loss of five years of patient data after the hospital did not pay the requested ransom. However, the hospital was able to recover some files from backups.
Organization: Mat-Su Surgical Associates, Alaska
Date of Attack: 03.16.2020
Details: This attack was discovered when employees were locked out of the computer system. While it is unknown whether patient data had been exfiltrated by the attacker prior to encryption, the attacker was able to gain access to parts of the system containing the data of 13,146 patients. Mat-Su Surgical Associates did not pay the ransom.
Organization: Arkansas Children’s Hospital, Arkansas
Date of Attack: 05.05.2020
Details: In the cyberattack on Arkansas Children’s Hospital, no patient information was impacted. However, some appointments and procedures were delayed while the threat was resolved.