SamSam hackers hit Indiana's Allied Physicians of Michiana
Allied Physicians discovered the cyberattack on May 17 and immediately shut down the network to protect patient data and the rest of the network. Officials said they worked with their incident responder and outside counsel to restore data without significantly disrupting patient care.
Officials said they were able to successfully contain the incident and are still investigating to confirm whether or not patient data was compromised. The provider group also is working with relevant regulatory agencies and the FBI to determine the scope of the incident.
“The FBI has previously stated in response to similar attacks perpetrated by these actors that their primary goal is to extract a ransomware payment,” officials said in a statement.
Allied Physicians declined to confirm whether it paid the amount demanded by the hackers.
“The security of our patients’ personal and protected health information is foremost in our mind,” said Allied Physicians CEO Shery Roussarie in a statement. “While we make effort to keep ahead of these types of cyberattacks, we have nevertheless taken additional steps to minimize any such future attack.”
Allied Physicians is just one of many healthcare organizations hit by SamSam this year. SamSam hackers hit Allscripts in January, which threw some of its clients offline for up to a week. In January, another Indiana provider, Hancock Health, actually paid the ransom to the hackers who hit the health system with SamSam.
SamSam hackers have impacted at least eight separate healthcare and government businesses this year and also are responsible for shutting down the Atlanta government in March.
The U.S. Department of Health and Human Services officials warned the sector in April that SamSam is still targeting the healthcare sector. Hackers are targeting open RDP connections and break into networks using weak passwords or brute force attacks with a goal of proliferating across a network.
“In 2018, the trend of targeting vulnerable, public-facing servers continued for the attackers behind the SamSam campaigns,” according to the HHS alert. “Although the infection vector for the ongoing campaigns is yet to be confirmed, there has been some discussion among researchers that the attackers’ initial foothold may have been a compromised RDP/VNC server.”
Ransomware attacks and information security strategies will be among the topics experts discuss at the upcoming HIMSS Healthcare Security Forum in San Francisco, June 11-12.
Healthcare Security Forum
The forum in San Francisco to focus on business-critical information healthcare security pros need June 11-12.