Royal ransomware group has listed Morris Hospital, a well-established healthcare facility located in Illinois, United States, as a victim.
On May 22, the group named Morris Hospital as one of their targets on their leak website, creating apprehension among both the hospital administration and the community it serves.
Royal Ransomware, known for its high-profile cyberattacks, has gained notoriety for targeting various organizations worldwide.
However, at present, no ransom note or deadline for payment has been provided by the hacking group, leaving the hospital and its stakeholders in a state of uncertainty.
The Morris Hospital administration has confirmed the attack, but assured that the incident has not impacted patient care or hospital operations.
“The investigation was launched after the hospital detected unusual activity on its computer network that indicated an unauthorized third party had gained access to the network system,” Morris Hospital Public Relations Manager Janet Long told The Cyber Express.
“The network system is separate from the electronic medical record systems that are used for patient care. The hospital’s electronic medical record systems were not compromised.”
Morris Hospital cyber attack: Wider effect
Morris Hospital, renowned for its comprehensive medical services and commitment to patient care, now faces the daunting challenge of safeguarding sensitive patient information and ensuring the continuity of critical healthcare operations.
The hospital has immediately activated its cybersecurity response team and is collaborating with cybersecurity experts to assess the extent of the breach and mitigate any potential damage.
According to the leak site post, the hospital has about 1400 employees and has a revenue of $133 million.
The implications of a cyber attack on a healthcare institution like Morris Hospital are far-reaching. Patient records, medical histories, and other sensitive data may be at risk of compromise.
Morris Hospital cyber attack and the US healthcare
US healthcare sector has been a preferred victim for ransomware gangs.
Royal ransomware group in April hit the Clarke County Hospital, while AvosLocker claimed the Pembina County Hospital cyberattack.
Targeted data breaches are also equally common. A data breach at Sharp Healthcare, San Diego, in February put the information of 62,777 patients at risk.
According to the State of Ransomware in the US report for 2022, released by Emsisoft Malware Lab, a total of 25 incidents affecting hospitals and multi-hospital health systems were reported in 2022, potentially impacting patient care at up to 290 hospitals.
One particularly significant incident highlighted in the report was the attack on CommonSpirit Health, a healthcare organization that operates nearly 150 hospitals.
This incident underscored the magnitude of the threat, as it compromised the personal data of a staggering 623,774 patients. The consequences of such attacks extend far beyond monetary losses, with patient care and safety being jeopardized.
Disturbingly, in at least 17 cases (68%) of the hospital-related ransomware incidents, data containing Protected Health Information (PHI) was exfiltrated.
Regulators were prompt in spotting and warning about the increasing ransomware attack on the healthcare sector, particularly by the Royal ransomware group.
Royal ransomware group and the US healthcare
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint advisory in March on Royal ransomware, specifically highlighting the increasing targeting of the US healthcare sector.
“Royal ransomware uses a unique partial encryption approach that allows the threat actor to choose a specific percentage of data in a file to encrypt. This approach allows the actor to lower the encryption percentage for larger files, which helps evade detection,” said the report.
“In addition to encrypting files, Royal ransomware actors also engage in double extortion tactics in which they threaten to publicly release the encrypted data if the victim does not pay the ransom.”
This joint advisory follows a previous advisory issued by the Department of Health and Human Services (HHS) in December 2022, which disclosed that the Royal ransomware operation was responsible for multiple attacks on healthcare organizations across the country.
“Royal is a human-operated ransomware that was first observed in 2022 and has increased in appearance. It has demanded ransoms up to millions of dollars,” said the HHS warning.
“Since its appearance, the Health Sector Cybersecurity Coordination Center is aware of attacks against the Healthcare and Public Healthcare (HPH) sector. Due to the historical nature of ransomware victimizing the healthcare community, Royal should be considered a threat to the HPH sector.”
The FBI-CISA joint advisory provided indicators of compromise (IOCs) and a comprehensive list of tactics, techniques, and procedures (TTPs) commonly employed by the perpetrators of the Royal ransomware attacks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
