Estes Park Health impacted by a ransomware attack

Estes Park Health based in Colorado suffered from one ransomware attack that happened on Jun. 2, 2019, impacting their network, email services, and phone services.

On Jun. 2, 2019, the staff of Estes Park Health noticed that the computer systems are operating abnormally. So to check, on-call IT technician also logged into system by using his home computer. He also detected the computer problems, where certain files started getting locked in front of on-call IT technician. The ransomware has taken control and then locked down the programs, data, and files.

The software of the clinic has been first locked down by the hackers, along with digital imaging software which holds images of the X-rays. The officials said that those areas were hit the hardest. Once discovered, the healthcare center immediately shut down the system, including servers as well as access to data center.

"IT has a software package running in the background that logs anything that leaves the data center, and nothing left during that time. They weren't interested in taking our information, just in locking it up," Larry Leaming, the Estes Park Health CEO, told Trail Gazette.

Estes Park Health was left without the network access or phone service. Luckily, the provider had the incident response program which was initiated in order to begin remediating the immediate concerns, started with communications. The staffs were provided cell phones. The computer system backup was paper, and so the staff has entered all the patient data in paper with pen while systems were down.

The healthcare center also notified promptly its insurance company, law enforcement authorities, and FBI. Moreover, the EPH officials also contacted the cybersecurity company connected with their insurance company in order to gain insight about how to proceed.

Leaming said that "likely the only way to restore the software in the clinic and the only way we were able to restore the imaging and so forth is because our insurance company paid the ransom money and we were able to get the keys to unlock those files".

The cybersecurity team of the insurance company contacted the attackers who are behind this ransomware attack and do the negotiations. The negotiation finally settled in an agreed ransom amount of $10,000.

However, an initial ransom amount has been paid first that has unlocked only some files. The EPH needed to pay these attackers more for unlocking all encrypted files.

» SPAMfighter News - 7/8/2019