A ransomware attack on NRC Health occurred on February 11, 2020, which impacted some of the provider’s computer systems. NRC Health is a patient survey services and software provider to over 9,000 healthcare companies, which include 75% of the biggest hospital systems in the U.S.A, and Canada.
NRC Health promptly did something to restrict the harm and closed its whole environment, which includes its client-facing websites. A prominent computer forensic investigation company was hired to ascertain the nature and magnitude of the ransomware attack. It also reported the incident to the Federal Bureau of Investigation.
The NRC Health website stated that it collects the information of over 25 million healthcare consumers in the U.S.A. and Canada every year. NRC conducts patient surveys on behalf of its clients, which shows that its patients are happy with the services they acquired. That data is essential for the improvement of patient care and knowing the amount of Medicare reimbursement received by healthcare providers under the Affordable Care Act. The patient satisfaction scores are also used to know the pay scale of executives and doctors.
NRC Health explained that it had made substantial progress in providing its customers with access to its systems and services and systems will be fully recovered in the next couple of days. NRC Health already sent notifications to its healthcare clients updating them with regards to the attack. Updates are being given to clients every day until the full resolution of the incident.
The notifications of NRC Health stated that the preliminary investigation findings indicate no compromise of any patient information or sensitive client information.
There has been a rise in ransomware attacks on healthcare companies over the last year after attacks declined in 2018. A number of threat groups are stealing patient information before deploying ransomware to compel victims to give in to their ransom demands. Based on the latest analysis by Comparitech, 172 healthcare ransomware attacks were launched since 2016. The cost of those attacks to the healthcare sector is around $157 million.