Ransomware said to infect computers of hospital website visitors

A security researcher blamed an outdated release of the Joomla content management system, which he said made the hospital a “sitting duck.”

Right on cue, ransomware attacks in healthcare are indeed increasing. Now, after news this week that two more California hospitals have been hit by malicious attacks, we learn that not only has a Canadian hospital fallen victim to ransomware, but some visitors to the hospital’s website may have as well.

Norfolk General Hospital in Simcoe, Ontario, confirmed this week that it had fallen victim to a ransomware attack, according to CBC News. Worse, security firm Malwarebytes said Norfolk General’s website has spread ransomware to the computers of staff, patients and families.

“Our honeypots visited the hospital page and got infected with ransomware via the Angler exploit kit. A closer look at the packet capture revealed that malicious code leading to the exploit kit was injected directly into the site’s source code itself,” wrote Malwarebytes senior security researcher Jérôme Segura.

“The particular strain of ransomware dropped here is TeslaCrypt which demands $500 to recover your personal files it has encrypted. That payment doubles after a week,” Segura explained.

He said he saw it coming because Norfolk General runs an outdated release of the Joomla content management system, version 2.5.6, rather than the current version 3.4.8. Old WordPress releases also can be vulnerable, Segura added.

“The truth of the matter is that any outdated or poorly secured website is simply a sitting duck waiting to be taken over via automated scanners before getting leveraged for spam, phishing or malicious redirections, just to name a few,” Segura said.

He said Malwarebytes contacted Norfolk General’s IT staff and informed them of the incident. “We were told that they were working on upgrading their version of Joomla with their hosting provider.”

Still, CBC said Thursday that the hospital “denies that visitors were ever at risk.”

Norfolk General systems administrator Dennis Saunders told the Canadian news network that he learned of the ransomware attack Feb. 22, four days before Segura first reached out to the hospital.

Per the CBC report:

In the end, three hospital computers were infected with ransomware, but the hospital doesn’t believe its own website was the source. The infected computers were restored from backups and no ransom was paid.

Saunders added that staff and the public were not notified about the situation because “it was addressed quickly, so there wasn’t a concern for staff.”

Photos: Flickr user Quinn Dombrowski, Malwarebytes