Ryuk ransomware attacks more than 100 nursing homes in the US

IT company Virtual Care Provider Inc. (VCPI) from Wisconsin (USA), providing cloud-based data hosting, security, and access control to more than 100 nursing homes in the United States, was the victim of an Ryuk ransomware attack.

“Milwaukee, Wisc. based Virtual Care Provider Inc. (VCPI) provides IT consulting, Internet access, data storage and security services to some 110 nursing homes and acute-care facilities in 45 states. All told, VCPI is responsible for maintaining approximately 80,000 computers and servers that assist those facilities”, — gives a reference IS specialist of the affected company Brian Krebs.

On November 17, attackers infected with ransomware a VCPI network, numbering about 80 thousand computers and servers, and encrypted all stored data. The criminals demanded a ransom of $ 14 million in bitcoins in exchange for a digital key needed to unlock access to files.

Read also: Developers fixed critical vulnerability in popular Jetpack WordPress plugin

According to VCPI Director Karen Christianson, the attack affected almost all of the company’s core structures, including Internet services and email, access to patient records, customer accounts, telephone systems, and even VCP payment systems used by more than a hundred employees of the company.

“We’ve got some facilities where the nurses can’t get the drugs updated and the order put in so the drugs can arrive on time. In another case, we have this one small assisted living place that is just a single unit that connects to billing. And if they don’t get their billing into Medicaid by December 5, they close their doors. We have a lot of [clients] right now who are like, ‘Just give me my data,’ but we can’t”, — tells Karen Christianson.

Ryuk ransomware operators usually attack companies with annual revenues ranging from $ 500 million to $ 1 billion. Attacks using this malware were first recorded in August 2018. Then, during one of the attacks, the Ryuk malware operators managed to earn about $ 640 thousand in bitcoins.

The VCPI incident is just the latest in a series of attacks on ransomware against healthcare organizations, which typically operate with minimal profitability and have relatively little investment to support and protect their IT systems.