LockBit ransomware group ‘apologizes’ for children’s hospital cyberattack



On New Year’s Day, the children’s hospital announced that it was aware of a statement issued by a ransomware group with an apology and an offer to provide a free decryptor to restore systems affected by ransomware.

WHY IT IS IMPORTANT

On December 18, 2022, SickKids was hit by ransomware and operations were moved to “Code Grey,” according to an announcement on the hospital’s website.

“Clinical teams are currently experiencing delays in retrieving lab and imaging results, which may result in longer wait times for patients and families,” the hospital said on December 22.

Other affected systems include employee timekeeping and prescription filing.

On December 29, the Toronto hospital announced that nearly half of the affected systems had been restored.

According to Globalnews.ca, the LockBit ransomware group, which provides affiliates with access to its malware in exchange for a cut of ransom profits, then issued an apology on the dark web on the last day of the year, which was then posted on Twitter.

In the statement, the ransomware organization allegedly blamed a partner and provided a free decryptor to the hospital to unlock its data.

Even with the ransomware group’s decryptor, healthcare organizations only recovered about two-thirds of their files on average, said Chester Wisniewski, a principal research scientist with Vancouver-based Sophos.

Affiliates tend to scramble for data, he said.

Wisniewski added that the purpose of LockBit’s now-viral statement may be to discourage other affiliates, who might see the children’s hospital attack as a step too far, from moving to another ransomware group.

SickKids posted an additional statement to its website saying that it was aware of the group’s apology and was analyzing the decryptor. The hospital also said it does not pay the ransom and that so far there is no evidence that personal information or personal health information has been affected.

Brett Callow, a threat analyst with anti-malware company Emsisoft, told the Canadian news outlet that there is still a question of whether the LockBit affiliate that was allegedly cut off still has any hospital data.

A spokesperson for the Communications Security Facility noted in the story that more than 400 healthcare organizations in Canada and the United States have experienced a ransomware attack since March 2020.

THE LARGER TREND

In 2021, the Health Industry Cybersecurity Coordination Center (HC3) released a 31-page summary of LockBit, the launch of the LockBit 2.0 affiliate program, and recruitment efforts for the ransomware-as-a-service program.

“The only thing you have to do is access the core server, while LockBit 2.0 does all the rest,” according to the LockBit document obtained by the HC3.

Through an interview with a LockBit ransomware operator, the U.S. Department of Health and Human Services’ cybersecurity division has shown that cyber gangs have a measure of ethics.

HC3 says LockBit won’t work in some countries like Belarus and Russia because of “conflicting codes of ethics” and possible disdain for those who attack healthcare organizations.

However, “Although threat actors may openly state that their personal morality influences their choice of targets, many adversaries go after the easiest victims regardless of any moral obligation, based on our experience,” according to the press conference.

Cybersecurity experts in healthcare encourage the industry to fight cybercrime as a service with a security partnership, since lives, like those at SickKids, are subject to the diversion of care that inevitably occurs after ransomware attacks.

ON THE RECORD

“These attacks can sometimes originate closer to home than we think,” Callow told the Canadian news agency.

“We think the attacks are coming from Russia or countries of the Commonwealth of Independent States, while in some cases they can originate within our own borders,” he said, noting that the LockBit malware was linked to recent ransomware attacks on two small city governments: St. Mary’s, Ontario, and Westmount, Quebec.

Andrea Fox is the senior editor of Healthcare IT News.

Healthcare IT News is a publication of HIMSS.
