The Crozer-Keystone health system was recently attacked by the NetWalker ransomware gang with ransomware. The group is now auctioning the stolen data from the system through their Darknet website. If the auction is not completed within six days, the group has promised to lose the data.
On June 19, Cointelegraph had access to this publication. They seem to have dozens of folders with an unknown amount of data, mostly about finance, but nothing to do with their patients’ medical records.
The group claims that the Crozer-Keystone health system was unable to pay the ransom demanded in Bitcoin (BTC).
Crozer-Keystone is a healthcare system that consists of four hospitals. It has offices in Delaware County, Pennsylvania, and serves Delaware County, northern Delaware, and parts of western New Jersey.
The health care system did not provide any other important details about the incident.
The incident was resolved by the healthcare system through DataBreaches.net. They did not provide details of the amount requested as a ransom, nor did they confirm whether their patients’ data had been compromised:
“After the Crozer-Keystone information technology team quickly identified a recent malware attack, it immediately took action and started to fix the affected systems. Once the threat was isolated, we separated the systems we needed to avoid further risks. We are completing this work in collaboration with cybersecurity experts in our healthcare system and are currently conducting a comprehensive investigation of the problem. “
Hospitals are attacked during the COVID-19 pandemic
Brett Callow, a threat analyst and ransomware expert at the Emsisoft malware laboratory, told Cointelegraph:
Attacking a hospital system is a despicable and unimaginable act, especially in the midst of a pandemic. Several ransomware groups said they would not attack healthcare providers during the pandemic, and surprisingly they kept their word that NetWalker is not one of these groups. “
Callow warned of the dangers of such attacks and found that they can be extremely harmful and potentially life-threatening. He recalled that in previous incidents, hospitals had to close their doors and redirect emergency patients to other hospitals:
“This is the last thing that is needed at a time when health services are already at the border due to Covid-19.”
According to research by Emsisoft, at least 764 healthcare providers in the U.S. were affected by ransomware attacks in 2019.
On June 10, Cointelegraph reported that risk solution provider Kroll, He identified a growing trend in using the Qakbot or Qbot trojan to launch wire hijacking campaigns in emails that triggered ransomware attacks.