CHI Health announces system outages due to ransomware attack
OMAHA, Neb. (WOWT) – According to a press release from CHI Health’s parent company, the cybersecurity incident the organization has been facing for more than a week is due to a ransomware attack.
“Upon discovering the ransomware attack, CommonSpirit took immediate steps to protect our systems, contain the incident, begin an investigation, and ensure continuity of care,” says the release.
“Patients continue to receive the highest quality of care, and we are providing relevant updates on the ongoing situation to our patients, employees, and caregivers. Patient care remains our utmost priority and we apologize for any inconvenience this matter has created.”
The release comes hours after CHI Health representatives told 6 News that the attack has caused them to make “temporary adjustments, including rescheduling or delaying certain appointments or procedures on a case-by-case basis.”
“This particular incident right now is a little bit unknown,” says Tony Sabaj, a cybersecurity expert with Check Point, a global company that helps organizations, including some major health systems, protect against and respond to cyber incidents.
Sabaj says it’s not uncommon for health systems to be targeted by ransomware.
“Ransomware actors will go after health care organizations because they’re more apt to pay ransomware attacks to get their systems back online so they can do lifesaving work and not affect patient care,” he says.
But there are other reasons why attackers go for health systems.
“Healthcare records and healthcare information sells for a lot of money on the dark web,” he says. “A full health record of an individual on the dark web is going to sell for anywhere from $250 to $1,000 per record, and if you compare that to credit card information, even if it’s complete credit card information, that will go for $1 or $2.”
Attackers can then use that information to commit more healthcare frauds and scam patients.
Based on how long CHI Health and CommonSpirit have been dealing with the cyber incident, Sabaj says he suspects one of two things is happening.
“They could be negotiating with the ransomware, with the bad actors for maybe lower payments.”
More likely, he says, “they could be trying to do a full-blown recovery and not pay the ransom, the recovery efforts usually take a very long time, rebuilding systems, restoring from backup, making sure your backups don’t have any security vulnerabilities in them that will cause this to happen again in the next days weeks months.”
Since the attack, CHI Health workers and nurses tell 6 News they’ve been forced to go back to doing everything by hand, including charting patient information, which takes far longer.
CommonSpirit says they’re working to resolve the issue.
“Our facilities are following existing protocols for system outages, which includes taking certain systems offline, such as electronic health records. In addition, we are taking steps to mitigate the disruption and maintain continuity of care. To further assist and support our team in the investigation and response process, we engaged leading cybersecurity specialists and notified law enforcement. We are conducting a thorough forensics investigation as we restore full functionality and reconnect our systems.
Central to our decision-making has been and will continue to be our ability to carry out our mission in a manner that is safe and effective to those we serve.”
Copyright 2022 WOWT. All rights reserved.