Virtual Care Provider Inc., a Wisconsin-based IT company, has been providing its services to nursing homes and assisted living facilities, and is now struggling to recover from a Ryuk ransomware attack in which the attackers demanded a ransom in the size of $14 million.
According to security researcher Brian Krebs, the attack has been preventing the care centers from accessing crucial patient medical records. The company’s owner fears that the attack’s impact could be fatal not only to the business but also to some patients.
Virtual Care Provider Inc. can’t afford to pay the $14 million ransom
In a conversation with Brian Krebs, the company’s chief executive and owner Karen Christianson said that the attack had affected all of their core services, such as Internet service and email, access to patient records, client billing and phone systems, and even the company’s own payroll operations that serve 150 employees.
The care facilities that VCPI serves access their records and other systems outsourced to VCPI by using a Citrix-based virtual private networking (VPN) platform, and Christianson said restoring customer access to this functionality is the company’s top priority right now, Krebs said in a blog post.
Furthermore, Christianson has shared that their employees have been asking for the payroll. However, the primary concern for the company now is restoring the electronic medical records back up and handling the life-threatening situations first.
The ongoing ransomware attack against VCPI is just one example of a series of ransomware attacks against healthcare organizations. Another recent example of such an incident is the attack against a 1,300-bed hospital in France. The attack led to “very long delays in care” and forced hospital staff to use pen and paper.
Unfortunately, a new research suggests that patients can suffer even after the health organization settles from a ransomware attack. The research carried out by Vanderbilt University‘s Owen Graduate School of Management says that hospitals and care facilities that have suffered a data breach or ransomware attack can expect an increase in the death rate among certain patients in the following months or years. This increase is due to cybersecurity remediation efforts.