Within hours of the cybersecurity, which disrupted some of its services, Ohio -based Kettering Health said that the fraudsters were calling its patients and asking for credit card payments for medical expenses.
Why do it matter
The cyber attack in the network that limits access to patient care systems across 14 medical centers in Kettering and more than 120 facilities for external patients caused the interruption of the communication center and led to the abolition of optional surgeries, as the health system explained in Online statement Tuesday.
“Earlier this morning, Kettering Health witnessed the system of technology at the system level, which limited our ability to reach specific patient care systems throughout the Foundation,” the statement says. “We have procedures and plans applicable to these types of situations and we will continue to provide safe and high -quality patients currently for patients in our facilities.”
The emergency rooms and clinics remained open.
The actors of the threats published a ransom note on the health system network that threatened to leak the sensitive and protected data that they stolen unless Kettering negotiated the blackmail fees, as CNN said.
The note led the victim to the extortion site associated with the Ransomware Interlock gang, according to story.
Later that day, Kettering Health has updated the system of technology interruption at the system level to confirm fraud and advertising calls that she was stopping regular billing calls.
The biggest direction
Healthcare organizations are targeted because they are considered more vulnerable Responding to blackmail demandsWhich can put it often Patient safety is in danger. If service providers do not pay ransom demands, electronic criminals can money on the valuable health data they steal by trying Selling it on the dark network network.
The researchers at Cisco’s Talos Intelligence said they have noticed a striker running the big game hunting and double blackmail attacks using Ransomware.
“Our analysis has revealed that the attacker has used multiple ingredients in the delivery chain, including a distance access tool that denies as fake browser modern, PowerShell, accreditation theft, and Keylogger switch before spreading and empowering Ransomware, Ransomware,” Blog post.
CISCO researchers said that the attacker moved sideways within the victim network and used the Azure Storage Explorer to test the victim’s data to the attacker’s Azure storage.
“The group has significantly targeted companies in a wide range of sectors, which includes at the time of health care, technology, government in the United States and manufacturing in Europe,” they added.
Then, on April 28, the Chicago Health System Coalition said in Consultant This lover was strongly targeting health care organizations.
“The rise in interlocking ransom incidents affects the widespread scope of the sector and does not seem to target specific types of health care organizations, public health or geographical areas,” the coalition pointed out.
Performance reviews for products security and participate in Intelligence share threat Programs are necessary to protect against threats such as a fan, according to Douglas Makki, Executive Director of threat research in Sonicwall, a network security company.
“This is not nice-it’s crucial to stay in the forefront of the opponents who are constantly developing their tactics,” said Maki by email on Tuesday. “This is not just an invitation to wake up-it is a frequent warning that continues to hit the nap. We have to turn from the interactive response to the proactive defense.”
In the record
“Although Kettering Health will contact the patients by phone to discuss payment options for medical bills, and start an abundance of caution, we will not make calls to request the payment of the phone or receive them until further notice,” health system officials said in a statement.
