Ransomware attack forced UF Health Florida to shut down the network

Parts of the IT network were shut down after the cyberattack, forcing hospitals to go back to pen and paper

Ransomware attacks affect healthcare providers. Hospitals need to shut down, transfer patients and use pen and paper when the IT network is affected by the cryptocurrency extortion-based virus.

According to officials, on the night of May 31, suspicious activity was noticed on the computer servers.[1] UF Health Central Florida, also known as the University of Florida Health, needed to shut down portions of the IT network when a malware infection was detected. Villages Hospital and UF Health Leesburg Hospital had to refrain from connecting to computer systems and email. Teams are now working on solutions to mitigate potential risks.

In an abundance of caution, we have suspended access to some of our Central Florida systems, including email, and have implemented our backup procedures as our teams continue to work to ensure that all data and networks are secure.

There is no particular indication of a cyberattack or data leak, but reports[2] show that ransomware was responsible for the outage. Employees still provide healthcare, and the hospitals continue to serve patients. Still, the computer systems and network are going to be down and not in use until the issue is solved and the proper security of these systems is ensured.

Ransomware attacks rising and threat actors mainly targeting healthcare networks

Even the FBI recently issued a warning about Conti ransomware[3] and other threats from this category that target the healthcare sector.[4] According to recent reports, over the last year, cryptocurrency extortion-based threats have been aimed at systems related to healthcare more than at other companies and industries. The FBI states that at least 16 separate incidents were identified. The official notice states:

Like most ransomware variants, Conti typically steals victims’ files and encrypts the servers and workstations in an effort to force a ransom payment from the victim.

The ransom notes instruct victims on the particular steps to take after the attack that could help them get files back or networks unlocked. These solutions involve money transactions in the form of cryptocurrency. When the demanded sum is not paid, attackers use the stolen data and profit in different ways.

Access to targeted networks can be gained by using weaponized links, malicious attachments in emails, or stolen credentials that provide an opportunity to connect via Remote Desktop Protocol, as well as PowerShell scripts. The FBI also warns that when victims refuse to pay the ransom within the time frame given by the criminals, the hackers may contact them in other ways or try to scare them by claiming they will share stolen credentials and data.

Cryptovirus attacks result in data breaches and other information-related incidents

The number of ransomware attacks has grown, especially against healthcare organizations. Various ransomware groups are responsible for the major attacks on companies like Scripps Health.[5] Services remain affected after the attack in April, but details have still not been released to the public.

The system was shut down for weeks because the ransomware managed to affect a large portion of data. The nonprofit healthcare provider in San Diego disclosed that the data breach was a result of the cyberattack, during which information about patients was exposed.[6]

The attack took place on April 29th, and ransomware was launched to encrypt devices. IT systems needed to be suspended, so public-facing portals and websites were shut down. Stroke and heart attack patients needed to be transferred to other medical facilities. These attacks on IT networks significantly affect the work of healthcare institutions.

In many cases, malware such as ransomware focuses on affecting existing data, but ensuring a profit from the cyberattack is also important. This is why attackers steal patient data or other items from the systems they access. Copies of such files and documents can be used as leverage by threatening companies that the information will be released on leak sites if the ransom payment is not transferred.

At the moment, it is unknown which hacker group is responsible, and none of the stolen files has been made publicly accessible. Scripps Health began sending notifications on June 1st.

About the author
Jake Doevan - Computer technology expert

Jake Doevan is one of the News Editors for 2-spyware.com. He graduated from Washington and Jefferson College, Communication and Journalism studies.

