University Medical Center of Southern Nevada (UMC) has suffered a ransomware attack in which patient data was stolen. The medical center confirmed it identified suspicious activity within the hospital network in mid-June and took immediate action to contain the threat and restrict access to its servers.
The investigation into the cyberattack is continuing and law enforcement has been notified. At this stage it appears that the attackers targeted a server that was used to store patient data. The investigation is still in the early stages, but UMC said it appears that clinical systems were not affected.
UMC said it is working with the Las Vegas Metropolitan Police Department, the FBI, and third-party cybersecurity experts to determine the exact origin and scope of the breach.
Any cyberattack that causes disruption to hospital operations has the potential to result in considerable harm to patients. This is especially true for an attack on UMC, which runs the only Level 1 trauma center in Nevada.
UMC said the fast action of its IT department helped to contain the breach, but that response “resulted in minor, intermittent computer login issues for some UMC team members. While these login issues were certainly inconvenient, there have been no disruptions to patient care or UMC’s clinical systems.”
While clinical systems are not believed to have been accessed, out of an abundance of caution, UMC said it is issuing notifications to patients and affected employees and will be providing complimentary identity protection and credit monitoring services.
The attack appears to have been conducted by the REvil (Sodinokibi) ransomware gang, which has been one of the most active ransomware operations over the past year, having conducted many attacks on businesses in the United States. The gang was behind the attack on JBS Foods in May 2021, which resulted in the temporary closure of food production facilities in the United States. JBS reportedly paid the gang $11 million in Bitcoin following the attack.
Following the attack on Colonial Pipeline by the DarkSide ransomware gang and its own attack on JBS Foods, the REvil ransomware gang issued a joint statement with the Avaddon ransomware operation stating they were limiting attacks by their affiliates and would not be targeting certain industries, including healthcare. That decision appears to have been reversed.