A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. The ongoing attack is preventing these care centers from accessing crucial patient medical records, and the IT company’s owner says she fears this incident could soon lead not only to the closure of her business, but also to the untimely demise of some patients.
Milwaukee, Wisc. based Virtual Care Provider Inc. (VCPI) provides IT consulting, Internet access, data storage and security services to some 110 nursing homes and acute-care facilities in 45 states. All told, VCPI is responsible for maintaining approximately 80,000 computers and servers that assist those facilities.
At around 1:30 a.m. CT on Nov. 17, unknown attackers launched a ransomware strain known as Ryuk inside VCPI’s networks, encrypting all data the company hosts for its clients and demanding a whopping $14 million ransom in exchange for a digital key needed to unlock access to the files. Ryuk has made a name for itself targeting businesses that supply services to other companies — particularly cloud-data firms — with the ransom demands set according to the victim’s perceived ability to pay.
In an interview with KrebsOnSecurity today, VCPI chief executive and owner Karen Christianson said the attack had affected virtually all of their core offerings, including Internet service and email, access to patient records, client billing and phone systems, and even VCPI’s own payroll operations that serve nearly 150 company employees.
The care facilities that VCPI serves access their records and other systems outsourced to VCPI by using a Citrix-based virtual private networking (VPN) platform, and Christianson said restoring customer access to this functionality is the company’s top priority right now.
“We have employees asking when we’re going to make payroll,” Christianson said. “But right now all we’re dealing with is getting electronic medical records back up and life-threatening situations handled first.”
[...] VCPI’s CEO said her organization plans to publicly document everything that has happened so far when (and if) this attack is brought under control, but for now the company is fully focused on rebuilding systems and restoring operations, and on keeping clients informed at every step of the way.
“We’re going to make it part of our strategy to share everything we’re going through,” Christianson said, adding that when the company initially tried several efforts to sidestep the intruders their phone systems came under concerted assault. “But we’re still under attack, and as soon as we can open, we’re going to document everything.”
(Score: -1, Offtopic) by Anonymous Coward on Monday December 02 2019, @12:02AM
SoylentPolitics is the world's finest online community of wealthy sexagenarians.
Vote Libertarian Republican.
Kill the poor.
Money makes right.
Take from the young and give to the old.
Donate your life savings today, right the fuck now.
Eternal Motto: Fuck You, Got Mine, Give Me Yours.
(Score: -1, Troll) by Anonymous Coward on Monday December 02 2019, @12:22AM (6 children)
There's your problem... board choose her to score inclusiveness points instead of a more competent man. And now grandpa's going to die because his medical records are encrypted.
(Score: -1, Troll) by Anonymous Coward on Monday December 02 2019, @12:33AM (1 child)
All good because grandpa's financial records are in the clear so we know exact!y how much money the SoylentPolitics corporation will receive in his will as soon as grandpa dies.
(Score: 0) by Anonymous Coward on Monday December 02 2019, @04:09AM
Yeh, Grandpa's financial status has been doxxed.
Now, the healthcare industry knows how long they need to keep the old guy alive to maximize the window of opportunity to milk the estate.
(Score: 4, Interesting) by Anonymous Coward on Monday December 02 2019, @01:24AM (3 children)
Problem lies in a wider IT "fashion" of outsource everything. Then the services contractor shoves it all in the Cloud (someone ELSE's computer). And then some middle manager demands access on his Blackberry...
A few thing should carry the death penalty, worldwide - malicious hacking (like this case), manufacture or distribution of (illegal) drugs {incl "energy drinks', vaping products}, intentional murder, terrorism, stealing from the old or vulnerable (call center frauds). No discussion, firing squad, $2 state funeral.
(Score: -1, Spam) by Anonymous Coward on Monday December 02 2019, @01:31AM (1 child)
^ SoylentPolitics
Kill the poor.
(Score: -1, Troll) by Anonymous Coward on Monday December 02 2019, @01:54AM
Yes, moderator, AC is totally right. We need a WORLDWIDE DEATH PENALTY WITHOUT DUE PROCESS for the crime of INCONVENIENCING OLD PEOPLE.
SoylentPolitics at its absolute finest.
KILL. THE. POOR.
(Score: 0) by Anonymous Coward on Monday December 02 2019, @04:14AM
I'd go for mandatory donation of the body to medical schools for medical practice / research to make partial repayment to the public-at-large for the lives he messed up.
(Score: -1, Spam) by Anonymous Coward on Monday December 02 2019, @02:03AM
Inconveniencing old people, that's worse than murder.
Every Soylentil agrees: death to poor people who try to extort money from rich old people. Deadly deadly death. Kill kill kill.
KILL THE POOR.
(Score: -1, Spam) by Anonymous Coward on Monday December 02 2019, @02:09AM
WORLDWIDE DEATH PENALTY WITHOUT DUE PROCESS for the crime of INCONVENIENCING OLD PEOPLE.
(Score: 0) by Anonymous Coward on Monday December 02 2019, @03:28AM (2 children)
These criminals aren't just holding the data hostage, they are effectively holding innocent people hostage too. In such a situation, killing the hostage takers is fully justified.
Eight posts and only one isn't spam.
(Score: 0) by Anonymous Coward on Monday December 02 2019, @04:23AM
> Eight posts and only one isn't spam.
Yeah, seems that some new kid is testing TMB's defenses. Shouldn't take long before this spammer is gone.
(Score: 2) by legont on Monday December 02 2019, @05:00AM
What should be done to doctors who can't treat their patients because of some information loss? Lobotomy sounds fair to me.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 2) by HiThere on Monday December 02 2019, @04:37AM (3 children)
You shouldn't put write access to records that peoples lives depend on on the internet. It's so stupid it should be criminal. Even read access is dubious, but I can understand why that would be extremely convenient.
OTOH, we really need better WORM memory devices. (Write once, read many. Like multi-session CDs were advertised as being. (Never mind the actual implementation.) That way nobody could ever destroy data that had been written. All they could do would be add a later version.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by legont on Monday December 02 2019, @05:09AM
Isn't the issue of the day "the right to forget"? So, no, it can't be solved using very convenient mass services.
The only solution is two copies - one for patient and one for her doctor - to keep. If they are lost, we have just one body dead and one in prison - very minor issue; relatively.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 0) by Anonymous Coward on Monday December 02 2019, @05:26AM
And unlike the current CDs they need to immutable once written to. The CDs allow 'secure erase' by setting all the unset bits, which makes the 'read only' device garbage. A true worm drive should set both 0 and 1 states in a permanent fashion so that data is impossible to damage or erase after it has been set.
Getting it cost effect compared to current solutions for archival purposes would help too.
(Score: 0) by Anonymous Coward on Monday December 02 2019, @03:23PM
Yeah. We should make people who want to have their data go from practice A to practice B to carry a paper copy of those medical records from place to place, right? And from location to location for the same medical group - they shouldn't have any kind of central repository of health care data between clinic A and clinic B. Make 'em take their stuff manually....
(And EMR providers can't maintain a backup system which retains a running copy of all changes made to a database, such that one could roll back to a given point in time. Or even take snapshot backups to a certain point in time. That's just crazy talk....)
(Score: 5, Interesting) by stretch611 on Monday December 02 2019, @12:08PM
Hmm... let's see, she and her company are responsible for setting up computers for the system. Obviously, she did not set up proper security. She did not monitor the systems to realize when her systems were attacked. And she did not have adequate backups to recover quickly.
While the true crime is being perpetrated by the Ransomware Attacker, she is quite guilty in negligence... If it leads to the demise of her business, that is her fault and she deserves it.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 0) by Anonymous Coward on Monday December 02 2019, @02:52PM (1 child)
Presumably including the reason for putting mission critical systems under somebody else's administration.
I could see cloud being used to backup health records. I cannot see it being used as a primary repo for mission critical operations. Though I imagine this cost cutting measure is probably common in the health care industry.
(Score: 0) by Anonymous Coward on Monday December 02 2019, @03:19PM
Yes, it is increasingly common in the health care industry.
About 40% of medical practices have under five physicians total working for them according to this source [statista.com]. Which is more efficient: every practice has its own server (and, more importantly, IT overhead staff), or trust a cloud-based provider to manage the resources? Of course, it's fun when some internet hiccup keeps providers from their patient data (even when it isn't being hacked...) when an in-house solution still runs even should the internet go down. It's not just black-or-white, of course, one might have local servers being serviced by an offsite support staff... but from the physician's perspective that is also more costly than just trusting a cloud provider.
What modern EMR cloud providers (many of them are the Electronic Medical Record software provider itself which subcontracts out the hosting services) generally promise is that all data is backed up constantly using different pipes in a method that let's them roll back an attack like this. Let's hope for their patients sake that VCPI had such protection running for it.