Kettering Health faces a ransomware attack and confirms a scam targeting its patients

In the hours following a cyber incident that disrupted some of its services, Kettering Health, based in Ohio, said fraudsters were calling its patients and asking for credit card payments for medical expenses.

Why it matters

A cyberattack on the network that limited access to patient care systems across Kettering's 14 medical centers and more than 120 outpatient facilities caused a call center outage and led to the cancellation of elective surgeries, the health system said in an online statement on Tuesday.

“Earlier this morning, Kettering Health experienced a system of technology on a system scale, which limited our ability to access certain patient care systems through the organization,” the press release said. “We have procedures and plans in place for these types of situations and will continue to provide safe and high quality care to patients currently in our establishments.”

Emergency rooms and clinics have remained open.

The threat actors displayed a ransom note on the health system's network that threatened to disclose sensitive and protected data they had stolen unless Kettering negotiated over the extortion demand, as reported by CNN.

The note directed the victim to an extortion site associated with the Interlock ransomware gang, according to the story.

Later in the day, Kettering Health updated its notice on the system-wide technology failure to confirm the scam calls and announce that it was holding off on normal billing calls.

The larger trend

Health care organizations are targeted because they have been deemed more likely to respond to extortion, which can often put patient safety at risk. If providers do not pay ransom demands, cybercriminals could cash in on the valuable health data they steal by trying to sell it on the dark web.

Researchers from Cisco's Talos Intelligence said they had observed an attacker carrying out big-game hunting and double extortion attacks using Interlock ransomware.

“Our analysis discovered that the attacker used several components of the delivery chain, including a remote access tool pretending to be a false browser, PowerShell scripts, a credential stealer and a keylogger before deploying and allowing the ransomware blog binary,” said Talos researchers in a 2024 blog article.

The attacker moved laterally within the victim's network and used Azure Storage Explorer to exfiltrate victim data to an attacker-controlled Azure storage blob, Cisco researchers said.

“The group has notably targeted businesses in a wide range of sectors which, at the time of reports, in particular health care, technology, government in the United States and manufacturing in Europe,” they added.

Then, on April 28, the Chicago Health System Coalition said in an advisory bulletin that Interlock was aggressively targeting health care organizations.

“The increase in incidents in Interlock ransomware has an impact on the extent of the sector and does not seem to target specific types of health and public health organizations or geographic regions,” noted the coalition.

According to Douglas McKee, Executive Director of Research’s Research, Directorwall, a network security company.

“They are not pleasant – they are essential to stay ahead of opponents who constantly evolve their tactics,” McKee said by email on Tuesday. “It is not only alarm clock – it is a repeated alarm on which we continue to strike snooze. We must go from the reactive response to proactive defense.”

At the same time as

“Although it is usual for Kettering Health to contact patients by phone to discuss the options for paying medical invoices, out of an abundance of caution, we will not make calls to request or receive a payment by telephone until further notice,” the health system said in a statement.
