Threat actors are demanding $14 million after infecting Virtual Care Provider Inc. (VCPI) with the Ryuk ransomware.
The Milwaukee-based company provides IT consulting, data storage, internet access and security services to roughly 110 nursing homes around the US.
On November 17, threat actors had launched the Ryuk ransomware into the VCPI’s network system, subsequently encrypting all the data the company hosts for its clients. Threat actors are demanding an overwhelming $14 million ransom.
In an interview to KrebsOnSecurity, VCPI chief executive and owner Karen Christianson, said that the attack had impacted the company’s own billing and payroll operations, as well as crucially impacting “all of their core offerings, including Internet service and email, access to patient records, client billing and phone systems.” Worryingly, the attack could impact vital patient care.
“We have employees asking when we’re going to make payroll,” Christianson said. “But right now all we’re dealing with is getting electronic medical records back up and life-threatening situations handled first.”
Christianson explained that the company cannot afford to pay the ransom demand, and that clients may be in danger of having to shut down if VCPI can’t recover from the attack.
“We’ve got some facilities where the nurses can’t get the drugs updated and the order put in so the drugs can arrive on time,” she said. “In another case, we have this one small assisted living place that is just a single unit that connects to billing. And if they don’t get their billing into Medicaid by December 5, they close their doors. Seniors that don’t have family to go to are then done. We have a lot of [clients] right now who are like, ‘Just give me my data,’ but we can’t.”
This incident follows a ransomware attack on a hospital in France which resulted in major delays in care, shutting down computer systems, and forcing staff to resort to pen and paper.
Threat actors are now focused on targeting healthcare organisations due to a wealth of personally identifiable information (PII) and low IT budgets.
The post #Privacy: Over 100 nursing homes across the US struck by ransomware appeared first on PrivSec Report.