[BreachExchange] Derby’s Griffin Hospital website taken down in major ransomware incident

Destry Winant destry at riskbasedsecurity.com
Wed Jan 6 11:07:23 EST 2021


https://www.msn.com/en-us/news/us/derby-e2-80-99s-griffin-hospital-website-taken-down-in-major-ransomware-incident/ar-BB1baCZD

DERBY — Griffin Hospital is the indirect victim of a ransomware
attack, with its website going offline this week but patient
information not exposed, officials said.

Griffin Hospital staff in April 2020 at the Derby, Conn. hospital’s
COVID-19 testing site. In mid-November 2020, the hospital’s website
was taken offline after a “ransomware” attack against the website’s
administrator Managed.com.

The attack is being directed against Managed.com, which administers
the Derby hospital’s website. In ransomware attacks, hackers encrypt
data and demand payment in an untraceable cryptocurrency as a
condition of restoring access. The breaches often begin with “phishing”
emails sent to an individual employee to dupe them into clicking on a
link that installs the ransomware software and takes a system hostage.

When the URL for Griffin Hospital or Managed.com was entered, web browsers
returned error messages. Griffin Health has cobbled together an
alternative website at griffinhealthct.org while it deals with the
issue, with the telephone switchboard remaining operable at
203-735-7421.

As of Thursday morning, the Griffin Hospital placeholder website did
not furnish any information on the incident, but includes a
password-enabled patient portal; a bill payment link; and information
on how to schedule a test for the COVID-19 virus among other
functions.

Griffin spokesperson Christian Meagher said no personal health
information has been compromised in the Managed.com hack.

“There was no exposure whatsoever,” Meagher said. “Those are secure on
another (system). ... The website was mostly informational and links,
so that was some of the situation — people will usually go through the
website to get to their health records.”

Managed.com reported on Monday an incident affecting its systems, then
confirmed Tuesday it was the result of a ransomware attack. The
company did not provide detailed information, but indicated it took
all customer sites offline as a precautionary step and that it is
working with law enforcement, with no further update as of Thursday
morning.

The websites for Connecticut’s other acute-care hospitals loaded
correctly as of Thursday morning. In late October, the U.S. Department
of Homeland Security’s Cybersecurity & Infrastructure Security Agency
warned that ransomware perpetrators were stepping up their activities
against health systems. Last month, state Rep. Caroline Simmons,
D-Stamford, signaled her intent to introduce legislation in next
year’s Connecticut General Assembly session with the goal of better
protecting Connecticut businesses and residents from ransomware and
other cybersecurity threats.

Connecticut has an existing Cyber Disruption Response Plan to
coordinate in the wake of any major incident, and asks entities to
report all hacks including those that are unsuccessful to the
Connecticut Intelligence Center at ctic.cyber at ct.gov.

Ransomware attacks are up tenfold this year according to a survey of
managed-services providers by Datto, a Norwalk company which provides
data backup services. This week, the refrigerated warehouse giant
Americold reported a cybersecurity incident, with several trade
publications reporting it as a ransomware incident.

Other ransomware attacks this fall have hit Mattel; office furniture
company Steelcase; and the company furnishing statistics used by the
DraftKings and FanDuel fantasy sports websites.

Datto calculated an average cost of recovering systems at nearly
$275,000. Some victim organizations choose to have their systems
rebuilt rather than pay crooks, whether on principle, fears they will
be targeted again, or that the perpetrators will take the money and
run without restoring data.

In June, Eastern Connecticut Health Network reported that one of its
hospitals was hit with malware, but that it was able to isolate the
issue. Lab testing information for some patients was exposed,
including their birth dates, but ECHN indicated it found no evidence
the information has been misused at its facilities which include
Manchester Memorial Hospital and Rockville General Hospital in Vernon.

