A Dallas-based nonprofit Catholic medical system suffered a ransomware attack that it says did not affect any patients’ private health information.
Katy Kiser, director of external communications and social media at Christus Health, confirmed the unauthorized activity on the system’s network.
“Christus Health recently learned of unauthorized activity on its computer network,” Kiser said in a statement. “This was quickly identified and blocked by Christus Information Security. At this time, it appears the incident is limited and had no impact on patient care or clinical operations at Christus Health. We are working with industry experts to investigate and resolve the issue. Christus values and is committed to respecting the privacy and security of all those we are privileged to serve.
AvosLocker, a new ransomware group, claimed responsibility for the attack on the Catholic medical system, according to CyberScoop. This is the second healthcare system targeted by ransomware in the past two months. Michigan-based McKenzie Health System recently began notifying patients of an attack that included a breach of patient information.
Cybersecurity Ventures found that ransomware attacks total nearly $20 billion per year. Heath Renfrow, co-founder of FENIX24, a disaster recovery service in Chattanooga, Tennessee, said hundreds of ransomware events occur daily. Many cases involve health care, he said, due to the rotating nature of hospitals and patients.
Threat actors “are betting that the health care provider will eventually pay the ransom and can sit down and have their systems decrypted and restored to working order so they can continue to do business and to serve their patients,” said Renfrow. . “So really for the (threat actors) it’s a quick win.”
Groups that target hospital systems often leave them deeply in debt, he said.
Renfrow said it’s likely that AvosLocker is affiliated with Russia, since the group has pledged not to attack any business in Russia, according to its dark webpage.
Hospitals are legally required to notify all patients who are affected, Renfrow said.
“Chances are that if healthcare providers have been hit by ransomware attacks, their data will be exposed,” Renfrow said.
Note: This story was revised on Tuesday to clarify that Cybersecurity Ventures did the research that found $20 billion worth of ransomware attacks occur every year.