Sky Lakes Medical Center and St. Lawrence Health System Experience Ransomware Attacks

Two hospitals, St. Lawrence Health System in New York and Sky Lakes Medical Center in Klamath Falls, OR, have encountered ransomware attacks which led to the shutdown of their computer systems and have compelled physicians to use pen and paper to document patient data. The two ransomware attacks happened on Tuesday, October 27, 2020 and involved the Ryuk ransomware.

Sky Lakes Medical Center made an announcement on its Facebook page that although its computer systems are offline, it will continue to provide patient care. Its emergency and urgent care departments stayed open and in full operation. The majority of booked elective procedures continued as scheduled. At this point, there is no evidence found that suggests the compromise of any patient information; but the investigation is just in its beginning stages.

The ransomware attack on St. Lawrence Health System was discovered a few hours after the preliminary compromise. A statement issued by St. Lawrence Health System indicated that its IT department took its systems offline to try to control the attack and avoid the spread of the ransomware to the entire network.

According to the report, the ransomware attack affected three of St. Lawrence Health System’s hospitals – Gouverneur Hospital, Canton-Potsdam Hospital, and Massena Hospital. As a precautionary step, the ambulances were redirected from the affected hospitals to make sure that patients are provided with proper care.

Like the ransomware attack on Sky Lakes Medical Center, there is no evidence found yet that suggest the compromise of patient data, even if the Ryuk ransomware gang is previously identified to exfiltrate patient information before encrypting files.

CISA and the FBI issued a joint advisory this week, together with the HHS’ Department of Health and Human Services, to warn hospitals and public health sector institutions about the rising targeted Ryuk ransomware attacks. There is convincing evidence that suggests the number of attacks on hospitals and other healthcare organizations would most likely go up.

Healthcare providers are being instructed to take action to protect their systems from ransomware attacks. Indicators of compromise were publicized as well as mitigation measures to give assistance in preventing attacks and identifying attacks in progress.