Hackers hijack MEDHOST site, redirecting users to threat

All of the company’s public-facing URLs redirected users to another site that threatened to release patient data if MEDHOST didn’t pay an extortion fee.
By Jessica Davis
04:26 PM

Nashville-based health IT company MEDHOST’s public website was hacked on Tuesday morning, with all public-facing URLs redirecting to another site.

According to officials, the company’s account with its internet domain registrar was compromised, and hackers posted a message that said patient data would be sold if demands were not met.

A screensnap of a search result for MEDHOST

“All personal information obtained from the servers will be available for purchase online, if the company does not meet our demands,” the message read. “We have the following in our possession: 127 domain names, access to patient records, access to payment information.”

The hackers demanded 2 bitcoins, or about $33,700, to release the domains. Officials clarified this was not a ransomware attack.

Company officials said there was no indication patient information was compromised. Further, MEDHOST officials said the company remained in full control of its internal systems throughout the incident.

Currently, the MEDHOST site is back to full operation. However, certain web searches still have the hacker’s messages in the site description, although the user is directed to the normal MEDHOST webpage.

“MEDHOST has full control of the domain, and the restoration of the domain and web-based applications has been completed,” a MEDHOST spokesperson said in a statement.

“Depending upon geographic location, some customers already have full access, but it is possible that the process could take up to 24 hours to propagate,” they continued. “Intermittent application impact may be experienced by end users during that time.”

The company is still investigating the incident and its root cause.
