A ransomware attack on Virtual Care Provider Inc. (VCP), a Wisconsin-based provider of data storage, internet, email, cybersecurity, and other IT services, resulted in the encryption of the healthcare records and other information the company hosts for its customers. VCP's clients include 110 acute care facilities and nursing home operators across the United States. Those entities were unable to access critical patient data, including healthcare records. The company services 80,000 computers in approximately 2,400 facilities in 45 U.S. states.
The attackers used the Ryuk ransomware variant, which has been used in attacks on many healthcare companies and managed IT service providers in the U.S. in recent months. The ransomware is usually delivered as a secondary payload after a Trojan has been downloaded. The attacks frequently involve extensive encryption, cause serious disruption, and often come with large ransom demands. This attack fits that pattern. The attackers issued a ransom demand of $14 million, but the company stated that it does not have the funds to pay such an amount.
Brian Krebs of KrebsOnSecurity, after speaking to VCP CEO and owner Karen Christianson, stated that the attack impacted essentially all of the core services offered by the company, including email, web access, stored patient files, billing, the VCP payroll system, and the clients’ phone systems.
As a result of the attack, acute care facilities and nursing homes cannot view or update patient records or order necessary drugs to make sure they are shipped promptly. Additionally, a number of small facilities could not bill Medicaid, which might force them to close their doors if the systems are not available before December 5th so that claims can be submitted. VCP has prioritized restoring its Citrix-based virtual private networking platform so that clients can access patients' medical records.
The attack began on November 17, 2019, and VCP is still struggling to restore access to client information and to process payroll for about 150 employees. Christianson is worried that the attack could result in the premature deaths of a number of patients and might force her to close her business for good.
KrebsOnSecurity stated that the attack may have started as far back as September 2018 and probably began with a TrickBot or Emotet infection, with the Ryuk ransomware delivered as a secondary payload.