United Health Centers reportedly compromised by ransomware attack
A ransomware gang called Vice Society claims to have seized confidential data such as patient benefits, financial documents and lab results.
Another healthcare provider apparently fell victim to a ransomware attack that exposed private patient information and other sensitive data. A ransomware group known as the Vice Society claimed responsibility for an August attack on United Health Centers that allegedly hit all of its locations. The incident allegedly led to the theft of patient data and forced the organization to shut down its entire network, BleepingComputer reported Friday.
BleepingComputer said it learned of the August 31 attack from a source in the cybersecurity industry. This source revealed that the outage disrupted UHC’s computer system at all sites, prompting the organization to reimage its computers and recover data from offline backups.
Based in California, United Health Centers is a healthcare provider with more than 20 centers in cities such as Fresno, Parlier, Sanger and Selma. BleepingComputer said it has contacted UHC multiple times for comment on the reported attack, but the organization has so far not responded to any questions. TechRepublic has also reached out to UHC for comment.
Some ransomware gangs had promised not to hit hospitals and healthcare organizations during the coronavirus pandemic, but these organizations continue to be a tempting target. With sensitive patient data, medical records, lab tests, and other vital information, healthcare institutions are often more likely to simply pay the ransom than put themselves at risk.
“While focusing on patient care, healthcare organizations are struggling to secure their patient data as there is a constant stream of attacks against it,” said James McQuiggan, security awareness advocate for KnowBe4. “Most of them are profit-making organizations and are willing to pay, which is why we see cybercriminals continuing to target them. Not only do cybercriminals damage infrastructure, but the attack can damage the organization's reputation, and patients may be wary of providing them with sensitive data lest it be stolen.”
Vice Society is new to the ransomware game, having surfaced last June. The group appears to favor the healthcare industry since 20% of the victims listed on its data leak site are healthcare companies, according to BleepingComputer.
And while a few older ransomware groups may still avoid attacking hospitals, Vice Society apparently has no such restrictions. When BleepingComputer asked why it targets healthcare organizations, the group responded with the following message:
“They always keep our private data open. You, me and anyone else go to hospitals, give them our passports, share our health issues, etc. and they don’t even try to protect our data. They have billions of government money. Are they stealing this money?
“The President of the United States has given a large sum to protect government networks and where is their protection? Where is our protection?
“If IT doesn’t want to do their job, we’ll do ours and it doesn’t matter if it’s at the hospital or at the university.”
With patient data and other sensitive information at risk, how can hospitals and healthcare facilities better combat ransomware attacks?
“Healthcare organizations should invest in training their employees on social engineering attacks to help them detect phishing emails and reduce the risk of attacks by cybercriminals via the human element,” said McQuiggan. “Critical systems such as patient data should be hardened with multi-factor authentication to reduce the risk of unauthorized access by cybercriminals if they are able to get inside the network.”
Tim Erlin, vice president of strategy for Tripwire, offered additional recommendations.
“Making sure you have working backups is quickly becoming an insufficient strategy for dealing with ransomware,” Erlin said. “Criminals are adapting to an environment where organizations are better prepared for ransomware by copying data in addition to encrypting it. With data copied and encrypted, not only are they ransoming access to your systems, but you are also paying them not to divulge the sensitive data they have. This cyber-blackmailing approach means that simply having backups is not enough to prevent potential harm.”
The goal is to focus not only on responding to ransomware attacks, but also on preventing them, Erlin added. Implementing security best practices reduces the chances of a successful attack. This means ensuring that you configure your systems securely, fix vulnerabilities and prevent phishing attacks.