According to reports from local news sources, two hospitals under the Ohio Valley Health Services and Education Corp umbrella are fixing the damage done by a recent ransomware attack. The hospitals in question are East Ohio Regional Hospital (EORH) in Wheeling, W.Va., and Ohio Valley Medical Center (OVMC) in Martins Ferry, Ohio. The ransomware specifically, according to a report from WV News, caused the medical facilities to become unable to accept patients from emergency service transports. It is currently unknown as to who is behind the attack and what ransomware variant was used.
Karin Janiszewski, director of marketing and public relations for EORH and OVMC, told The Times Leader the following about the incident:
At the moment, our emergency rooms are unable to take patients by E-squads, but we can take patients by walk-in… our IT team is working around the clock right now and we expect to have the issue resolved by (Sunday)… we have redundant security, so the attack was able to get through the first layer but not the second layer… there has been no patient information breach… the hospitals are switching to paper charting to ensure patient data protection.
Ransomware is deployed against numerous targets, but when it happens to hospitals (which is often), the offense seems to be particularly evil. Ransomware often brings down vital systems via file or hard drive encryption that hospitals require to function. IT security teams affiliated with hospitals have done their best to mitigate the risk associated with ransomware infections, but as this incident proves, there is no such thing as an impenetrable defense.
This is why it is vital that security professionals on the blue team (defensive) side of security are constantly updated on new threats. It is also vital that hospitals hire offensive security professionals to perform penetration tests on a consistent basis. With these two strategies, along with educating employees on phishing emails, hospitals can be better equipped to face assaults from cybercriminals looking to make a payday by exploiting the most vulnerable and needed services.
Featured image: Pixabay