Russian Hackers Hold Nursing Home Patients' Data Ransom for $14M
Posted: December 9, 2019 to Compliance.
There is a reason hackers have started targeting hospitals and medical practices. Not only is their cyber security known to be woefully lacking (despite the best efforts of the U.S. Department of Health and Human Services [HHS] and HIPAA regulations), but electronic Protected Health Information (ePHI) can literally be a matter of life and death. Meaning? The healthcare industry has no choice but to pay up.

This is the exact scenario Virtual Care Provider (VCP), a Milwaukee-based company servicing over 100 nursing homes across the US, found itself in last month. The company had to notify its patients that it did not have access to their medical records, and so could not communicate any prognoses to them, because it had fallen victim to a ransomware attack that was holding its ePHI hostage until the company coughed up a staggering $14 million in ransom.

On Nov. 18, the day after the hack was uncovered, VCP sent out a notification to its clients that, while it was still figuring out whether any of their PHI had been compromised, it did know that approximately 20 percent of its services were impacted and that it had to rebuild 100 of its servers. What Hold Security, the company hired by VCP to investigate the breach, has discovered since that time is quite disturbing: VCP was breached by Russian hackers who used phishing emails to infect its network, undetected, over the course of 14 months.

Even worse? VCP doesn't have $14M to give to the cybernappers, resulting in many of its nursing homes being unable to:

- Access the medical records of their patients
- Use the internet
- Issue paychecks
- Dispense meds