It has been reported that one of the largest non-profit healthcare providers in the US has been hit by a suspected ransomware attack which has already impacted multiple locations around the country. CommonSpirit claims to run over 1,000 sites and 140 hospitals in 21 states. In a brief message yesterday it said it had “identified an IT security issue” affecting some facilities.
The full story can be found here: https://www.infosecurity-magazine.com/news/us-healthcare-giant-commonspirit/
Ransomware attacks on healthcare organizations remain a critical concern, with Comparitech’s US ransomware tracker showing 42 publicly confirmed attacks on these entities in the US so far this year. While these figures are lower than 2021’s (where we saw 108 in total), our recent research (published this week) finds that the average length of downtime from ransomware attacks on US healthcare organizations has increased dramatically in 2022.
Based on the details that have been published, healthcare organizations are suffering an average of 23.45 days of downtime from ransomware attacks this year. This is up from 5.78 days in 2021. Recent examples include Oklahoma City Indian Clinic, which still hadn’t recovered from its attack after two months, and Taylor Regional Hospital, which suffered a 10-week outage.
Any downtime within businesses can have a devastating impact, but within healthcare organizations the consequences can be even more severe. Equally, if CommonSpirit’s security incident is confirmed as a ransomware attack, it isn’t just the knock-on effect of downtime that will be of concern but the potential breach of patient data. To date, nearly 5 million patient records have been impacted by US healthcare ransomware attacks in 2022.
Healthcare is a favourite sector for a cyber attack, because the fear, uncertainty and doubt felt by the patient community once a breach like this is made public provides multiple criminal operations the opportunity to exploit them. Aside from the originating extortion firm, in an incident of this magnitude every online criminal gang will be mobilising their infrastructure and call centres to target potential victims. They will offer help and protection, which every CommonSpirit client will currently be desperate for, but they just want more personal data to sell on or use themselves to commit more crime. It is absolutely essential for everyone affected to ignore and report any approach, via email, social media, telephone or in person. If anyone tries to make contact in this manner in the next days, weeks or months it will certainly not be CommonSpirit. Try to hold your nerve; ignore, report and delete if you can, and don’t make a terrible situation even worse.