Ransomware Attacks Carried out on Four Healthcare Providers & Ventilator Producer

Boyce Technologies Inc., a Long Island City, NY company that produces transport communication systems and recently changed its production facilities to provide ventilators for hospitals during the pandemic, has been targeted with DoppelPaymer ransomware. Data was stolen before file encryption, and a sample of the stolen data has been published on the threat actor’s blog. The stolen data includes purchase orders, assignment forms, and other sensitive data.

Boyce Technologies Inc. was certified by the FDA to manufacture ventilators and was making approximately 300 machines per day. Those ventilators have been used in hospitals in New York and the company is now producing ventilators for other areas. The ransomware attack has focused on the production of those ventilators and has potentially put lives in danger.

Piedmont Orthopedics/OrthoAtlanta, a group of orthopedic and sports medicine centers in the greater Atlanta area, has been targeted by threat actors using Pysa (Mespinosa) ransomware. As with the attack on Boyce Technologies, the threat actors stole sensitive data before encrypting files. According to databreaches.net, around 3.5 GB of data have been released online, including files that contain patients’ protected health data. Olympia House Rehab, located in Petaluma, CA, and the Center for Fertility and Gynecology in Los Angeles, CA, have both been targeted using Netwalker ransomware and have had data stolen and released online, including patients’ protected health information.

Muskingum Valley Health Centers in Zanesville, OH has recently notified 7,447 patients that some of their protected health information was potentially obtained by threat actors before the use of ransomware on the medical record system implemented by OB GYN Specialists of Southeastern Ohio Inc.

The EHR included the records of patients who were treated between 2012 and 2017. The attack took place on May 31, 2020 and was discovered on June 2. The investigation found no proof suggesting patient information was stolen prior to the use of ransomware, although the possibility of data theft could not be eliminated. The hackers may have had access to names, dates of birth, addresses, Social Security numbers, diagnoses, medical conditions, laboratory test results, treatment information, insurance claim information, and financial information. Impacted individuals have been offered 24 months of free credit monitoring and identity theft recovery services. Security policies, procedures, and password requirements have been updated to stop additional attacks.

41 healthcare suppliers reported ransomware attacks in the first half of 2020, according to Emsisoft. Double-extortion attacks, which include threats to release or sell data if the ransom is not paid, are increasing, with many threat groups now using this tactic. Emsisoft has revealed that around 1 in 10 ransomware attacks now include data theft.