A mental health hospital for children and young people in Delaware, U.S., was infected with a ransomware variant at the end of last year. According to network security and ethical hacking specialists of the International Institute of Cyber Security, resulting from the attack access to the records of the hospital were blocked, so the organization had to pay a ransom to recover their access.
According to the hospital director, the records
were encrypted last Christmas and no staff members were able to access them.
The compromised records contained information such as:
- Full
names - Dates
of birth - Addresses
- Social
Security numbers - Patient
Medical Details
The institution confirmed that, for the most
part, patients are children and adolescents from low-income families.
As network security experts report, hospital managers
had to pay a ransom of thousands of dollars to get back access to the
records. “So far, we don’t have any
evidence to show that more confidential information has been compromised,”
said Jill Rogers, hospital director. Rogers added that the compromised
information contained about ten years of organization Records.
Hospital officials did not specify what the
ransom amount was, nor did they provide technical details about the attack. As
to why they waited so far to reveal the incident, they mentioned that they
decided to reveal the attack until they had the certainty of what exactly
happened and what consequences were generated.
Delaware Law states that any organization that
works with personal information from state residents must report an incident like
this within the first 60 days after the attack was detected, according to
network security specialists.
The hospital has offered a year of free
financial monitoring services to users affected by the incident. “We deeply regret what happened and reaffirm
our commitment to protecting the privacy of your information”, mentions a
statement from the organization.
Multiple cybersecurity firms agree that
ransomware attacks continue to become more and more frequent. In most cases, an
attack starts when an employee clicks on a malicious link and is redirected to
a committed web site.
Recently, a county government in Georgia had to
pay a ransom of $400k USD0 after its systems were infected with a variant of
ransomware known as Ryuk,
and this is only one of many known cases each week.
