[BreachExchange] Ransomware Hits Leading US Medical Debt Collector R1 RCM Inc.

Destry Winant destry at riskbasedsecurity.com
Wed Aug 19 11:25:42 EDT 2020


https://www.hackread.com/ransomware-hits-us-medical-debt-collector-r1-rcm/

Previously, R1 RCM Inc., under a different name, had several incidents
involving thefts of laptops containing unencrypted patient data.

R1 RCM, formerly Accretive Health Inc., is the latest target of a
ransomware attack. It is one of the largest medical debt collection
firms in the US, with a turnover of over $1.18 billion in 2019.

RCM refers to the revenue cycle management sector, which tracks patient
records and profit details throughout their life cycle. This includes
details like patient insurance, registration, medical treatment
documents, benefits verification, bill preparation, and collection.

The company is not new to incidents involving data-related risk
factors. In July 2011, when R1 RCM was known as Accretive Health, a
company laptop containing unencrypted patient data was stolen from the
personal vehicle of one of its employees.

In 2012, a US Senate inquiry revealed that there were nine such
incidents in 2011 involving thefts of company laptops bearing patient
data. It was also reported that 30 company laptops lacked encryption.


Now, according to cybersecurity journalist Brian Krebs, the
Chicago-based company’s systems were taken down after being hit by a
ransomware attack.

Krebs reported that it is a concerning issue since the company has
access to a treasure trove of private, financial, and medical data of
millions of patients, including their Social Security Numbers and
medical diagnostic data, apart from names and contact information.

It isn’t clear when the attackers breached the company’s networks; the
incident occurred about a week ago, at a time when R1 was gearing up
to release its second-quarter financial results for 2020. R1 RCM also
didn’t provide details of the ransomware strain that targeted its
systems.

According to sources, R1’s network was hit by Defray malware. It was
first spotted in 2017 and has a history of targeting healthcare firms.
Defray malware is distributed via booby-trapped MS Office documents
delivered to the targeted system through email.


It is quite likely that R1 RCM’s systems were compromised through a
phishing scam. In a similar case recently, the world-renowned
cybersecurity training institute SANS suffered a data breach after one
of its employees fell for a phishing scam.

Nevertheless, ransomware attacks have become a threat to the online
infrastructure of businesses and institutions. Even though certain
ransomware groups have promised not to attack medical facilities
amidst the pandemic, medical institutions and pharmaceutical companies
still remain an open territory due to their assumed profiteering from
such situations.

One such example occurred on March 13, when ExecuPharm, a US-based
pharmaceutical company, was infected with ransomware via a phishing
attack. The hackers ended up leaking a trove of the company’s data on
the dark web.

