Kettering Health faces a ransomware attack and confirms a scam targeting its patients

In the hours following a cyber incident that disrupted some of its services, Ohio-based Kettering Health said fraudsters were calling its patients and asking for credit card payments for medical expenses.

Why it matters

A cyberattack on the network limited access to patient care systems across Kettering's 14 medical centers and more than 120 outpatient facilities, caused a call center outage and led to the cancellation of elective surgeries, the health system explained in an online statement Tuesday.

“Earlier this morning, Kettering Health experienced a system of technology on a system scale, which limited our ability to access certain patient care systems through the organization,” the press release said. “We have procedures and plans in place for these types of situations and will continue to provide safe and high quality care to patients currently in our establishments.”

Emergency rooms and clinics have remained open.

The threat actors displayed a ransom note on the health system's network that threatened to disclose sensitive and protected data they had stolen unless Kettering negotiated over the extortion demand, as reported by CNN.

The note directed the victim to an extortion site associated with the locking ransomware gang, according to the story.

Later in the day, Kettering Health updated its statement on the system-wide technology failure to confirm the scam calls and to announce that it was putting normal billing calls on hold.

The larger trend

Health care organizations are targeted because they are deemed more likely to respond to extortion, which can often put patient safety at risk. If providers do not pay ransom demands, cybercriminals could still profit from the valuable health data they steal by trying to sell it on the dark web.

Researchers from Cisco's Talos Intelligence said they had observed an attacker conducting big-game hunting and double extortion attacks using locking ransomware.

“Our analysis uncovered that the attack used multiple components in the delivery chain, including a remote access tool masquerading as a fake browser updater, PowerShell scripts, a credential stealer and a keylogger before deploying and enabling the ransomware encryptor binary,” Talos researchers said in a 2024 blog.

The attacker moved laterally within the victim's network and used Azure Storage Explorer to exfiltrate the victim's data to an attacker-controlled Azure storage blob, Cisco researchers said.

“The group has notably targeted businesses in a wide range of sectors which, at the time of reporting, include in particular health care, technology, government in the United States and manufacturing in Europe,” they added.

Then, on April 28, the Chicago Health System Coalition said in an advisory bulletin that locking was aggressively targeting health care organizations.

“The increase in incidents in locking ransomware has an impact on the extent of the sector and does not seem to target specific types of health and public health organizations or geographic regions,” noted the coalition.

According to Douglas McKee, Executive Director of Research's Research, Directorwall, a network security company.

“They are not pleasant – they are essential to stay ahead of opponents who constantly evolve their tactics,” McKee said by e-mail on Tuesday. “It is not only alarm clock – it is a repeated alarm on which we continue to strike snooze. We must go from the reactive response to proactive defense.”

At the same time as

“Although it is usual for Kettering Health to contact patients by phone to discuss the options of payment of medical invoices, out of an abundance of caution, we will not make calls to request or receive a payment by telephone until further notice,” the health system said in a statement.
