American health care providers report that they have been affected by a ransomware attack that struck her CaptureRx, a San Antonio - based company that works with providers.
Health information for clients and patients of various healthcare providers, including UPMC Cole and UPMC Wellsboro in Pennsylvania, Lourdes Hospital and Faxton St. Luke's Healthcare in New York, of Gifford Health Care at Randolph and some Thrifty Drug Stores, are said to have been stolen and exposed.
Η HIPAA Journal reported that at least 17.655 patients at Faxton St. Luke's Healthcare, 6.777 patients at Gifford Health Care and 7.400 at UPMC Cole and UPMC Wellsboro have been affected by the attack, but it has not yet been determined the total number of people whose data was exposed or the number of CaptureRx customers affected.
CaptureRx said its team began researching its systems after someone noticed "unusual activity" on February 6. On February 19, the company confirmed that Patients' records, including names, dates of birth, and medical records, were compromised and stolen.
From March 30 to April 7, the company began informing all health care providers who had been ransomware attack and collaborated with organizations to inform all those affected. The company urges those affected to monitor their accounts for any suspicious activity.
Ο Justin Fier executive of the security company Dark Trace, stated that the healthcare industry will remain a primary target for ransomware gangs. There are two reasons: these organizations have a lot of important information at their disposal and can not be disabled for a long time. Therefore, they are more likely to pay the ransom.
Fier added that the advent of open source and ransomware-as-a-service tools available on the dark web is increasing attacks, highlighting the recent attack on the Swedish company Elekta, which affected more than 42 healthcare providers, while preventing cancer patients from receiving the necessary treatment.
Many security experts point out that healthcare providers are important targets for ransomware gangs because they have a lot of patient data that can be sold on the dark web or returned to organizations for a fee.
Ransomware became a major problem for healthcare providers in 2020, creating and making available a cost-effective ransomware protection service for private hospitals in the United States that may not be able to offer a strong cyber security service.
Executive of the cybersecurity company Blue Hexagon, said the ransomware attack on CaptureRx underscores the impact of the software supply chain.
"You can be hacked through software you have installed (eg Solarwinds), but you can also be hacked by your partners who handle your data", Said the executive.
"Organizations must carefully consider all their affiliates who have access to their important data and verify their security practices".