[BreachExchange] Coos health clinics shut down by ransomware attack

Fri Sep 24 08:27:05 EDT 2021

https://www.conwaydailysun.com/news/local/coos-health-clinics-shut-down-by-ransomware-attack/article_ceb8f720-1c9c-11ec-8085-7f2b59396c12.html

A ransomware attack this week shut down Coos County Family Health Services,
a main provider of health services in the Androscoggin Valley.

Coos County Family Health CEO Ken Gordon said the attack affected
essentially all of its systems — phone, computer and email.

Phone services had been partly restored by Thursday and all three of the
organizations clinics were open for walk-in appointments after some were
closed following Monday’s cyberattack.

Gordon said the non-profit organization noticed early Monday before its
various clinics opened that there were abnormalities in how its systems
were running. An examination revealed the entire system had been
compromised. He said CCFHS shut down services and worked to prevent further
activity on the system.

While he confirmed the system had been hit by a ransomware attack, he said
he could not talk about the attack itself.

He emphasized there was no evidence that patient information was
compromised. He said the organization hoped to have the entire system back
up and running as soon as possible.

“We’re slowly in the process of rebuilding and standing things up,” Gordon
said.

Coos County Family Health Services operates primary care clinics at 133
Pleasant St. and Page Hill at Androscoggin Valley Hospital in Berlin and at
2 Broadway Ave. in Gorham, offering a wide range of health and social
services including primary care, pediatrics, women’s health, podiatry and
behavioral health.

It operates a dental clinic at 73 Main St. in Berlin and also runs RESPONSE
sites in Berlin, Lancaster and Colebrook, addressing the needs of survivors
of domestic violence and sexual assault.

On Wednesday, Coos County Family Health Services had its Page Hill Clinic
at Androscoggin Valley Hospital open for walk-in care, and Dr. Brian Beals
and pediatric nurse practitioner Chelsey Andrea were seeing sick children
at the Gorham office.

Gordon thanked CCFHS’s patients for their support and patience as the
non-profit recovers and starts to reschedule appointments.

Gordon said the non-profit serves about 15,000 people annually and offers
services on a sliding fee scale for those without insurance or with high
deductibles.

Gordon said during COVID, many patients postponed routine health-care
visits and there has been a push to reschedule those visits. The ransomware
attack will delay some appointments just as Gordon said they were getting
people caught up.

He said Coos County Family Health Services is constantly working to make
sure its systems are secure and particularly in the last couple of years
has invested in measures to guard against cyberattacks. That includes
endpoint protection that secures access to the organization’s internal
network.

Gordon said there has also been training for staff on using the computer
properly.

“So, we really can say, with complete confidence that we’ve done everything
any health-care or other company would do to protect its systems, and it
was just our bad luck,” Gordon said.

He said the University of Vermont Medical Center was hit by a ransomware
attack last fall. That attack affected more than 5,000 hospital computers
and laptops that encrypted files and data on 1,300 servers.

The Association of American Medical Colleges reports that cyberattacks on
health-care systems have spiked during the pandemic. Hackers gain entry to
a computer system, encrypt the files that run it, and then demand payment
for a decryption key to unlock access.

The U.S. government site Stop Ransomware reported that one ransomware
attacker has targeted 16 U.S. health-care and first responder networks
within the past year.

A recent Forbes magazine article reported ransomware attacks are increasing
in scale, sophistication and frequency, victimizing governments,
individuals and private companies around the world. The article said last
year, ransomware payments exceeded $400 million, more than four times the
level in 2019.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210924/e2703dfc/attachment.html>