The websites of the University of Michigan Medical School were compromised Monday morning as part of a coordinated cyberattack by the pro-Russian hacker group Killnet.
The group is known for shutting down public and government websites around the world, including in Romania, Moldova, Japan, Latvia, Germany, and the United States. number of US airports last year.
Monday’s attack targeted US hospital systems, including Stanford Health Care at Stanford University, Thomas Jefferson University Hospital in Philadelphia, Duke University Hospital in Durham, NC and several systems Others include UM Health and CS Mott Children’s Hospital.
Related: Michigan Medicine suffers another data breach after cyberattack
This group is known for distributed denial of service attacks, or DDoS, that make it impossible for users to access websites. This attack hit third-party providers of hospital websites that contained no patient information.
“The University of Michigan Medical School experienced intermittent issues with its public websites due to a cyberattack on a third-party provider we use to host some of our websites,” health system said in an emailed statement to Crain’s. “We are working with a third party to mitigate it and hope our sites will be up and running as soon as possible.”
As of Monday afternoon, all UM locations were back up and running.
Michigan Medicine, the parent organization of hospitals and health systems, has been hit by a number of cyberattacks over the past 12 months.
The health system was hacked in August after four employees fell for a phishing email scam that lured them to a website asking for login information and a fake multi-factor authentication prompt. The information of 33,850 patients was compromised by the attack, although there is no evidence that the attack was designed to access patient information. However, UM cannot rule out data theft that may include patient information.
Not a Modern Healthcare subscriber? Sign up today.
Some workers’ emails contained patient information, such as name, medical record number, address, date of birth, treatment information and health insurance data, the system said in a statement. solstice.
The Social Security number of a relevant patient.
In March, Michigan Medicine notified nearly 3,000 patients that their health information was leaked from a similar scam.
Also in March, Ascension Michigan – a subsidiary of Ascension Health based in St. Louis, which operates four hospitals in the state – reported a data breach that exposed the personal information of more than 27,000 patients.
More than 550 US hospitals reported data breaches in 2021, exposing the information of more than 40 million patients, according to data from the Office of Civil Rights of the US Department of Health and Human Services.
This story first appeared in Crain’s Detroit Business.
