Two More Californian Hospital Ransomware Attacks Reported
Two more hospitals in Southern California have reported being attacked with ransomware. The Chino Valley Medical Center and Victorville’s Desert Valley Hospital, which are both operated by Prime Healthcare, were attacked on Friday last week.
A number of computers had data locked with the file-encrypting malware and the attackers managed to infiltrate some of the hospitals’ servers before the attack was discovered and contained.
As soon as the ransomware attacks were discovered, IT systems were taken offline to prevent the spread of the infections. While some computers and servers were taken out of action, patient health records were not compromised and the attack did not affect patient safety. Healthcare services are still being provided to patients at both hospitals, although the attack did cause significant disruption to the hospitals’ IT systems on Friday last week.
Prime Healthcare Spokesperson, Fred Ortega, said “most of the systems and critical infrastructure has been brought back online.”
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
A ransom demand was received by Prime Healthcare, although no details have been released so far on how much money was demanded by the attackers to supply security keys to unlock the encrypted data. Ortega said that nothing has been paid by Prime Healthcare.
It is not clear exactly how the attackers managed to install ransomware at the hospitals. Prime Healthcare is working with the FBI and the California Department of Public Health and an investigation into the attack is currently being conducted.
According to a statement issued by FBI spokesperson Laura Eimiller, the agency is investigating a network compromise at both locations, although no further details of the attack or the investigation have been released.
Earlier this week Methodist Hospital in Henderson in Kentucky also suffered a ransomware attack which resulted in critical files being encrypted. In that case, files were copied by the attackers and encrypted and the originals were deleted. The hospital was able to activate a backup system and healthcare operations could continue to be provided. Canada’s Ottawa Hospital also reported a ransomware infection last week although the attack was contained and no ransom was paid.
However, the attack on Hollywood Presbyterian Medical Center in February did result in a payday for the attackers, with the hospital reluctantly paying $17,000 for the security keys to unlock data.
Hospitals may decide not to give in to attackers’ demands, but a ransomware infection can result in a considerable amount of damage. In February, two hospitals in Germany were attacked, and while the decision was taken not to pay the ransom, the hospitals expect it to take weeks for all of the encrypted files to be recovered.
