Share this article on:
The University of Kentucky (UK) has been battling to remove malware that was downloaded on its network in February 2020. Cybercriminals gained access to the UK network and installed cryptocurrency mining malware that used the processing capabilities of UK computers to mine Bitcoin and other cryptocurrencies.
The malware caused a considerable slowdown of the network, with temporary failures of its computer system causing repeated daily interruptions to day to day functions, in particular at UK healthcare.
UK believes the attack was resolved on Sunday morning after a month-long effort. On Sunday morning, UK performed a major reboot of its IT systems – a process that took around 3 hours. UK believes the attackers have now been removed from its systems, although they will be monitoring the network closely to ensure that external access has been blocked. The attack is believed to have originated from outside the United States.
UK Healthcare, which operates UK Albert B. Chandler Hospital and Good Samaritan Hospital in Lexington, KY, serves more than 2 million patients. While computer systems were severely impacted at times, patient care was not affected and patient safety was not put at risk.
An internal investigation was launched and third-party computer forensics specialists were engaged to assist with the investigation. University spokesman Jay Blanton said it is hard to determine whether any sensitive data was viewed or downloaded. The belief is that the malware attack was solely conducted to hijack the “vast processing capabilities” of the UK network to mine cryptocurrency.
UK has taken steps to improve cybersecurity, including installing CrowdStrike security software. More than $1.5 million has been spent ejecting the hackers from the network and bolstering security.
Arkansas Children’s Hospital Reboots Systems to Deal with ‘Cybersecuirty Threat’
Arkansas Children’s Hospital in Little Rock has experienced a cyberattack that has impacted Arkansas Children’s Hospital and Arkansas Children’s Northwest. Its IT systems have been rebooted in an attempt to deal with the cyberthreat and a third-party digital forensics firm has been engaged to assist with the investigation.
The exact nature of the threat has not yet been disclosed and it is currently unclear when the attack will be resolved. All facilities are continuing to provide medical services to patients, but some non-urgent appointments may have to be rescheduled.
The investigation into the attack is ongoing, but at this stage, no evidence has been found to suggest patient information has been affected.