Share this article on:
Two more hospitals have experienced ransomware attacks that have taken their computer systems offline and have forced clinicians to switch to pen and paper to record patient information.
Both ransomware attacks occurred on Tuesday, October 27, 2020, one on Sky Lakes Medical Center in Klamath Falls, OR and the other on St. Lawrence Health System in New York. Both attacks involved Ryuk ransomware.
Sky Lakes Medical Center announced on Facebook that while its computer systems had been taken out of action, care continued to be provided to patients and its emergency and urgent care departments remained open and fully operational and most scheduled elective procedures were continuing as planned. At this stage, no evidence has been found to indicate any patient data were compromised in the attack; however, the investigation is still in the early stages.
The attack on St. Lawrence Health System was detected several hours after the initial compromise. St. Lawrence Health System issued a statement saying its IT department had taken systems offline in an effort to contain the attack and prevent the ransomware from spreading to all parts of the network.
The ransomware attack is reported to have affected three of its hospitals – Canton-Potsdam Hospital, Gouverneur Hospital, and Massena Hospital. The decision was taken to divert ambulances from some of the affected hospitals as a precautionary step to ensure care could be provided to patients.
As with the attack on Sky Lakes Medical Center, no evidence has been found to indicate patient information was compromised, although the Ryuk ransomware gang is known to exfiltrate patient data prior to file encryption.
A joint advisory was issued by CISA and the FBI this week, in conjunction with the HHS’ Department of Health and Human Services, warning about an increase in targeted Ryuk ransomware attacks on hospitals and public health sector organizations. Credible evidence had been uncovered suggesting attacks on hospitals and other healthcare providers would likely increase.
Healthcare organizations are being advised to take steps to secure their networks from attacks. Indicators of compromise have been published along with mitigation measures to help prevent attacks and identify attacks in progress. Further information on the advisory along with the steps that should be taken to harden defenses can be found here.