The ransomware attack on Grays Harbor Community Hospital in Aberdeen, WA continues to cause problems after its attack two months ago. The attackers asked for $1 million ransom payment in exchange for the encryption unlock keys.
The attack on Grays Harbor Community Hospital began on June 15, 2019. On this Saturday, the hospital initially had IT issues, which limited the staffing. On Monday, it was discovered that the real problem was ransomware. The IT team took steps to isolate the problem and secured its network; but, the attackers already had accessed the servers and systems utilized by Harbor Medical Group clinics. The preliminary point of attack seems to be a phishing email that one employee responded to.
The attack had mostly impacted the 8 clinics operated by Harbor Medical Group located in the Aberdeen and Hoquiam region. Grays Harbor Community Hospital utilized an older version of the software, which stopped the installation of the ransomware on the main computer system of the hospital. The clinics utilized the latest software, which permitted the ransomware infection of more systems. The systems of the clinics are still not working and so the hospital employees are using paper and pen to document patient data.
The hospital’s spokesperson said that the hospital continues to provide emergency patient care and attends to appointments as scheduled. Some appointments have been delayed as the patient information system still has issues. The hospital advised patients to bring with them their prescriptions and medical histories when they come for their appointment.
The hospital was not able to use their backup files because they were encrypted as well. Access to patient files is still not possible on August 13, 2019. The hospital already reported the attack to the FBI, who is helping with the investigation.
The hospital had taken out a cybersecurity insurance plan in the past worth $1 million, which could pay for the ransom. It is uncertain if the ransom was paid.
There was no evidence that data was accessed or stolen, but there is still that possibility. The information of the affected patients that could have been exposed includes full name, address, telephone number, birth date, Social Security number, insurance details, diagnoses, and treatment data.
The hospital has begun informing the 85,000 patients that the breach affected and offered them free credit monitoring services. Hospital security measures are under review and more hardware and software options are going to be employed as needed to enhance security. Employees will likewise have extra training.