A company that provides technology services to more than 100 nursing homes across the U.S. is the victim of a ransomware attack, with hackers demanding $14 million before they'll restore access to its hijacked servers.
Virtual Care Provider informed its clients of the attack in a November 18 letter, a day after the attack was discovered. The company said it was working to determine if any client data had been compromised, disclosing that about 20% of its services were affected by the virus and that it needs to rebuild 100 of its servers.
The Milwaukee-based company has been unable to pay the ransom. That means some of the nursing homes it serves can't access patient records, use the internet, pay employees or order medications, The Journal Sentinel reported.
"We have employees asking when we're going to make payroll," Karen Christianson, the company's chief executive, told the local newspaper. "But right now, all we're dealing with is getting electronic medical records back up and life-threatening situations handled first."
The company said told The Associated Press on Monday that "upon learning of this incident, we immediately launched an internal investigation and retained independent cybersecurity experts to assist us in our investigation and remediation efforts." The statement went on to say the company is "working diligently to restore these systems as quickly and safely as possible."
A Milwaukee security firm, Hold Security, found that that Russian hackers had infected Virtual Care's computers over 14 months using malicious email attachments, the Journal Sentinel reported.
Ransomware attacks have been on the rise this year, especially those seeking to hijack critical public services. There were more than 70 ransomware attacks in the first half of 2019, with more than 50 targeting cities. The average ransom payout in the second quarter of this year was $36,295, according to a report by security firm Coveware.
In August, a ransomware attack crippled about 400 dental practices nationwide, including two Wisconsin companies that provide an online service to dentists' offices. The attack made patient charts, schedules, X-rays and patient ledgers inaccessible.
Last year in New Jersey, two Iranian men were indicted in the so-called SamSam ransomware attacks that targeted about 200 victims, including hospitals, municipalities and public institutions, causing more than $30 million in losses.
Mike Christman, section chief for the FBI's cyber division,that cybercrooks know governments and hospitals are most likely to pay if only because they can't afford not to.
The increase in such incidents has also led to report found the quick growth of cyber insurance could itself be a factor driving increased attacks, by encouraging clients to pay the money to hackers., which is intended to limit the financial damage from a ransomware attack. But a ProPublica