Ransomware Infiltrates Sky Lakes Medical Center & St. Lawrence Health System

An additional two hospitals have been impacted by ransomware attacks that have resulted in their computer networks being offline and medics having to use pen and paper to record patient details.

These ransomware attacks took place on Tuesday, October 27, 2020 at Sky Lakes Medical Center in Klamath Falls, OR and St. Lawrence Health System in New York. It is not yet known what ransomware variant was employed in the attack on Sky Lakes Medical Center. However, the ransomware attack on St. Lawrence Health System involved a new variant of Ryuk.

On its Facebook page, Sky Lakes Medical Center revealed that while its computer systems had been compromised, care was still being administered to patients, its emergency and urgent care departments were still open and fully operational, and the majority of elective procedures were being carried out as planned. To date there is no indication that any patient data were impacted in the course of the attack; however, the investigation has not yet been completed.

The attack on St. Lawrence Health System was identified some hours after the initial compromise. St. Lawrence Health System released a statement revealing its IT department had taken systems offline to try to contain the attack and stop the ransomware from infiltrating all parts of the network.

The ransomware attack is reported to have impacted three of its hospitals – Canton-Potsdam Hospital, Gouverneur Hospital, and Massena Hospital. As a precautionary measure, ambulances were sent from some of the impacted hospitals to ensure care could be given to patients.

As was the case with the attack on Sky Lakes Medical Center, no evidence was found to suggest that patient information was impacted, although the Ryuk ransomware gang is known to exfiltrate patient data before file encryption takes place.

A joint advisory was made public this week by CISA, the FBI, and the Department of Health and Human Services (HHS), warning about a surge in targeted Ryuk ransomware attacks on hospitals and public health sector groups. Credible evidence had been found indicating that attacks on hospitals and other healthcare providers would likely rise.

Healthcare groups are being directed to implement measures to make their networks safe from attacks. Telltale signs of compromise have been published along with mitigation measures to help stop attacks and bring a halt to attacks in progress. The advisory provides additional information along with the measures that should be taken to harden defenses.