Hackers hijack MEDHOST site, redirecting users to threat
Nashville-based health IT company MEDHOST’s public website was hacked on Tuesday morning, with all public-facing URLs redirecting to another site.
According to officials, the company’s account with its internet domain registrar was compromised, and hackers posted a message that said patient data would be sold if demands were not met.
A screensnap of a search result for MEDHOST
“All personal information obtained from the servers will be available for purchase online, if the company does not meet our demands,” the message read. “We have the following in our possession: 127 domain names, access to patient records, access to payment information.”
The hackers demanded 2 bitcoins, or about $33,700, to release the domains. Officials clarified this was not a ransomware attack.
Company officials said there was no indication patient information was compromised. Further, MEDHOST officials said it remained in full control of its internal systems throughout the entirety of the incident.
Currently, the MEDHOST site is back to full operation. However, certain web searches still have the hacker’s messages in the site description, although the user is directed to the normal MEDHOST webpage.
“MEDHOST has full control of the domain, and the restoration of the domain and web-based applications has been completed,” a MEDHOST spokesperson said in a statement.
“Depending upon geographic location, some customers already have full access, but it is possible that the process could take up to 24 hours to propagate,” they continued. “Intermittent application impact may be experienced by end users during that time.”
The company still is investigating the incident and the root cause.