Michigan hospital system struggles with cyberattack as healthcare industry decries ‘Russian’ ransomware


A prominent healthcare system in Michigan confirmed on Wednesday that outages affecting phone systems and computers were the result of a cyberattack that began earlier in the week.

McLaren Health Care published a statement Wednesday saying their facilities are “largely operational” but that they have to operate with downtime procedures as they work to restore several IT systems. 

“Immediately after becoming aware of the attack, our hospitals and outpatient clinics instituted downtime procedures to ensure care delivery within our facilities,” the non-profit said. “Our information technology team continues to work with external cyber security experts to analyze the nature of the attack and mitigate the impacts of the threat actors.”

McLaren emergency departments continue to operate, but some surgeries and procedures have been canceled as a result of the attack. Some non-emergent appointments, tests and treatments are being rescheduled, according to the statement.

Patients will be contacted if their appointments are canceled, but those who do come to one of the organization’s hospitals need to bring a list of their current medications, printed physician orders for imaging studies or treatments, a list of allergies and the printed results of recent lab tests.

“In addition, we are also actively working with our vendor partners and insurance providers to ensure our supply chain is not impacted and insurance authorizations are processed for care and treatments,” the hospital system added. 

While the organization did not call it a ransomware attack and did not respond to requests for comment, a printed ransom note from the INC ransomware gang allegedly sent to the hospital was shared on social media.  

The same hospital system — which operates 13 hospitals across Michigan, as well as other medical services such as infusion centers, cancer centers, primary and specialty care offices and a clinical laboratory network — was attacked last September by a ransomware gang. In November, the organization said 2.1 million people had data stolen during the attack.  

Cybersecurity experts have long said data shows ransomware victims are typically targeted repeatedly by other gangs after initial attacks. 

The McLaren incident comes days after the American Hospital Association (AHA) issued a bulletin expressing alarm at a string of recent attacks that have caused a “massive disruption to patient care.”

Last week, a prominent non-profit healthcare system in Delaware dealt with a cyberattack that took down significant parts of its IT system. On Wednesday, the ransomware hackers behind the incident threatened to leak stolen data from the hospitals if they are not paid a $1.4 million ransom by August 14. 

The AHA highlighted other recent attacks on healthcare companies like OneBlood, Synnovis, and Octapharma as examples of “Russian cybercrime ransomware gangs” targeting critical infrastructure in the U.S. and U.K.

“The attacks against Octapharma, Synnovis and OneBlood appear to be unrelated and have been conducted by separate Russian-speaking ransomware groups,” they said. “However, the unique nature and proximity of these ransomware attacks — targeting aspects of the medical blood supply chain within a relatively short time frame, is concerning.” 

The AHA added that these incidents “demonstrate how catastrophic failures can occur in healthcare delivery when mission-critical and life-critical suppliers are attacked.”


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
