BIRMINGHAM, Ala. (WIAT) – Two data breaches this week have rocked multiple central Alabama hospitals. CBS 42 first learned about a ransomware attack on Tuesday at DCH Health System on Tuesday. Then, on Friday, UAB Medicine sent a news release about an August cyber attack that may have exposed over 19,000 patients’ information to hackers.
“You know there was an age old question – why do people rob banks? Because that’s where the money is,” explained Joel Sargent, Chief Security Consultant with American Computer Consultants, Inc. out of Birmingham. His firm is not investigating either of the hospital cyber attacks, however; he said he’s seen similar situations time and time again.
“Normally what happens in these cases is the attacker tries to figure out some way to get themselves into the organization,” he said. “In this case it sounds like they were going after financial information. To start with, we put all of our titles; and all of our responsibilities; and who we work for; and who we report to on LinkedIn. So the attackers have the full command and control structure of any organization. They know who to target. They know who to phish.”
There are differences between the cyber attacks. In the case for UAB, officials explain that the hackers target appeared to be employee automatic payroll deposits. However, in the process, investigators believes that 19,557 patients could have had some degree of information viewed by hackers. UAB says they have no evidence, however; that the hackers were looking for, accessed, or stole any potential health information. Still–they are advising those patients to keep a close eye out for fraudulent activity.
“A lot of people will talk about, you know, it’s just my name, my phone number, my e-mail address,” explained Sargent. “The problem is, these are aggregates of data, so there could be thousands of people – and what the attacks will use this for is a lot of times is identity theft. Medical records go for the most money on the black market because medical records contain the most amount of data.”
According to DCH Officials, they are experiencing a ransomware attack, where they have identified the ransomware variant as Ryuk. “When it encrypts these files, when it locks them up, it only encrypts or only goes after the crucial assets and resources, so it’s like, these are the things that will most hurt you if you don’t have access to them, that’s what we’re going to target,” explained Maya Levine, a security engineer with Check Point Software Technologies. Levine explained that the company has researched Ryuk extensively for 25 years. She said the motivation behind the attack is usually financial.
“That’s it honestly,” Levine said. “Unless it’s spying for a nation, [money’s] the main, main motivation.”
DCH has also released a statement saying that at this point, they have no indication that any patient or employee data has been misused or removed from the system. However, they are still dealing with the limitations of operating as the investigation is on-going in ‘manual mode’ while still providing medical care.