[BreachExchange] Hackers Demand $1M in Grays Harbor Ransomware Attack

Destry Winant destry at riskbasedsecurity.com
Thu Aug 15 10:02:15 EDT 2019


Hackers infected Washington-based Grays Harbor Community Hospital and
Harbor Medical Group with ransomware and demanded a payment of $1
million to unlock patient files, according to a report from the Daily

The report sheds light on the EHR downtime the provider put into place
after experiencing persistent issues with its EHR systems in June.
Both the hospital and HMG’s clinics were impacted by the issues with
its MEDITECH EHR. However, officials did not explain the cause.

According to the latest, the hackers infected the computer systems
with ransomware nearly two months ago when an employee clicked on a
malicious link contained in a phishing email. The cyberattack began on
a weekend when Grays Harbor IT staff was limited.

During the initial days, staff treated it as an IT issue and officials
said servers were turned off the Monday after the attack to contain
the infection. However, the ransomware had rapidly spread within the
first days of the attack.

Grays Harbor clinics were hit harder by the attack, as the hospital’s
older software prevented the ransomware from properly installing on
the main system. The ransomware was more effective at the clinics,
where medical records, prescriptions, and other functions are still

Patient records are still available at the hospital, while the clinics
are still operating on paper. Officials stressed that patient care was
not impacted, with surgeries, emergency care, and routine appointments
continuing as scheduled.

But some appointments were delayed, and patients were asked to bring
their prescriptions and other medical histories with them at the time
of care. Additionally, Grays Harbor experienced a five-day period
where payments could not be processed, which officials said was a
large issue for the “cash-strapped” operation.

The money was not lost, but the timing and cash flow were problematic.
Grays Harbor does have cyber insurance with a $1 million cap, which
officials are hoping will cover the damage. Officials said the
insurance company was the cause of the lack of transparency, as they
were in charge of the response and investigation.

The situation is still ongoing, and officials have contacted the FBI
to alert them to the security incident. The report did not explain
whether the hospital paid the ransom. What’s more, about 85,000
patients are being notified that their data was compromised during the
event. Although officials said there’s currently no evidence of

Grays Harbor did have traditional anti-virus and backups in place
before the ransomware attack, but even the backups were infected.
Officials said they have not yet determined whether the missing
records are permanently gone.

Officials are concerned about the ongoing attack, as just a year ago
the hospital’s future was still in limbo given “crippling debt.”
Ransomware causes some of the greatest devastation among cyberattacks,
with recent reports showing ransomware payments have increased 184
percent during the second quarter of 2019. The average downtime lasts
nearly 10 days.

Grays Harbor is just the latest provider to experience a long period
of downtime due to ransomware. After falling victim to two ransomware
attacks in the course of two months and experiencing nearly eight
weeks of downtime, Kentucky-based Park DuValle Community Health Center
paid hackers $70,000 to unlock its records.
