Two U.S. hospitals dealing with ransomware attack

According to reports from local news sources, two hospitals under the Ohio Valley Health Services and Education Corp umbrella are fixing the damage done by a recent ransomware attack. The hospitals in question are East Ohio Regional Hospital (EORH) in Wheeling, W.Va., and Ohio Valley Medical Center (OVMC) in Martins Ferry, Ohio. The ransomware specifically, according to a report from WV News, caused the medical facilities to become unable to accept patients from emergency service transports. It is currently unknown as to who is behind the attack and what ransomware variant was used.

Karin Janiszewski, director of marketing and public relations for EORH and OVMC, told The Times Leader the following about the incident:

At the moment, our emergency rooms are unable to take patients by E-squads, but we can take patients by walk-in... our IT team is working around the clock right now and we expect to have the issue resolved by (Sunday)... we have redundant security, so the attack was able to get through the first layer but not the second layer... there has been no patient information breach... the hospitals are switching to paper charting to ensure patient data protection.

Ransomware is deployed against numerous targets, but when it happens to hospitals (which is often), the offense seems to be particularly evil. Ransomware often brings down vital systems via file or hard drive encryption that hospitals require to function. IT security teams affiliated with hospitals have done their best to mitigate the risk associated with ransomware infections, but as this incident proves, there is no such thing as an impenetrable defense.

This is why it is vital that security professionals on the blue team (defensive) side of security are constantly updated on new threats. It is also vital that hospitals hire offensive security professionals to perform penetration tests on a consistent basis. With these two strategies, along with educating employees on phishing emails, hospitals can be better equipped to face assaults from cybercriminals looking to make a payday by exploiting the most vulnerable and needed services.

Featured image: Pixabay

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter
Tags healthcare

Recent Posts

Azure Windows Virtual Desktop: Avoid the fresh hell of stale user sessions

This tutorial on Azure Windows Virtual Desktop and stale users can help you cut down…

25 mins ago

Phishing campaign spoofs texas.gov domain, targets computer vendors

A convincing-looking phishing campaign purportedly from a Texas government agency is targeting computer vendors in…

4 hours ago

Top 5 cybersecurity innovations and why they’re drawing in the money

With attackers making use of every vulnerability, our sense of security has turned into insecurity.…

7 hours ago

Have you really tested your disaster recovery plan?

How do you simulate a disaster to see whether your disaster recovery plan is ready…

1 day ago

Using conditions in ARM templates when deploying infrastructure-as-code

This Quick Tip shows you a neat little coding trick that will help you when…

1 day ago

Full circle: On-premises Exchange to Microsoft 365 — and back again

Migration from on-premises Exchange to Microsoft 365 may not be a one-way street. What about…

1 day ago