In a string of ransomware attacks, the United States-based Pembina County Memorial Hospital was listed as victim by a cybercriminal group. While AvosLocker claimed the Pembina County Hospital cyberattack, the Royal ransomware group had also allegedly breached the Clarke County Hospital.
Pembina County Memorial Hospital cyberattack
AvosLocker posted a threat of leaking all the stolen data from the Pembina County Hospital cyberattack. The deadline for paying a ransom or yielding to the so far undisclosed demands of the cybercriminal group was set to be 3 days after the post was published on April 21, 2023.
Two tabs allowing individuals to ‘View’ or ‘Buy’ the stolen data were also present on the leak site page over Pembina County Hospital cyberattack. “The sensitive data was downloaded from its network. Some examples of data types: *NDA’s* Database dump containing information about each patient and employer (previous and current),” the Pembina County Hospital cyberattack post read.
Leak site post of the Royal ransomware group
Brett Callow, threat analyst of Emsisoft tweeted about both the U.S. hospital ransomware attacks with screenshots from the cybercriminal groups’ leak site.
Statistics of U.S. hospital ransomware attacks
The year 2022 witnessed over 25 ransomware attacks on U.S. hospitals. This impacted patient care in over 290 hospitals. The cyberattack on the CommonSpirit Health systems affected nearly 150 of its hospitals.
Data was stolen in nearly 17 cyberattacks which amounted to 68% of the attacks. Besides posing risk to the health of patients relying on services impacted by the ransomware attacks, monetary loss, and personal data of over 623,774 patients were also compromised.
Critical services that rely on system algorithms like doses of medication in certain healthcare were also halted due to the ransomware attacks. The U.S. hospital cyberattacks also led to delaying and rescheduling surgeries on patients along with delayed ambulance services.
Speaking about the gravity of attacks on healthcare, the CISA senior advisor Josh Corman said to The Verge, “There’s such a palpable, visceral reluctance to admit that we’ve lost lives because of cybersecurity.”
A report by the American Hospital Association clarified that nearly 66% of healthcare organizations in the U.S. suffered a ransomware attack in 2021.
The report highlighted some common yet crucial measures that every employee at a healthcare needs to follow including initiating a security incident and response reporting procedure after experiencing an attack.
Witnessing the increased targeting of U.S. hospitals with ransomware attacks, it is high time software are patched on time, and tools for detecting phishing emails, malware, and other attacks are put in place.
Just like most corporate entities, it is time that the healthcare sector also makes every effort in inculcating a habit cyber hygiene and working towards creating a robust security infrastructure.
