System outages due to ransomware attack

OMAHA, Neb. (WOWT) – CHI Health said Wednesday that the cybersecurity incident its parent company has been battling for more than a week was due to a ransomware attack.

CHI Health sent a news release out hours after representatives told 6 News that the attack had caused them to make “temporary adjustments, including rescheduling or delaying certain appointments or procedures on a case-by-case basis.”

“Upon discovering the ransomware attack, CommonSpirit took immediate steps to protect our systems, contain the incident, begin an investigation, and ensure continuity of care,” says the release.

“Patients continue to receive the highest quality of care, and we are providing relevant updates on the ongoing situation to our patients, employees, and caregivers. Patient care remains our utmost priority and we apologize for any inconvenience this matter has created.”

Initially report Monday, Oct. 3, as an IT security issue, the problem forced CHI Health to take some of its systems offline.

“This particular incident right now is a little bit unknown,” says Tony Sabaj, a cybersecurity expert with Check Point, a global company that helps organizations, including some major health systems, protect against and respond to cyber incidents.

Sabaj said it’s not uncommon for health systems to be targeted by ransomware.

“Ransomware actors will go after health care organizations because they’re more apt to pay ransomware attacks to get their systems back online so they can do lifesaving work and not affect patient care,” he says.

But there are other reasons why attackers go for health systems.

“Healthcare records and healthcare information sells for a lot of money on the dark web,” he says. “A full health record of an individual on the dark web is going to sell for anywhere from $250 to $1,000 per record, and if you compare that to credit card information, even if it’s complete credit card information, that will go for $1 or $2.”

Attackers can then use that information to commit more healthcare frauds and scam patients.

Based on how long CHI Health and CommonSpirit have been dealing with the cyber incident, Sabaj says he suspects one of two things is happening.

“They could be negotiating with the ransomware, with the bad actors for maybe lower payments.”

More likely, he said, “they could be trying to do a full-blown recovery and not pay the ransom, the recovery efforts usually take a very long time, rebuilding systems, restoring from backup, making sure your backups don’t have any security vulnerabilities in them that will cause this to happen again in the next days weeks months.”

Since the attack, CHI Health workers and nurses tell 6 News they’ve been forced to go back to doing everything by hand, including charting patient information, which takes far longer.

CommonSpirit said in a release that they’re working to resolve the issue:

“Our facilities are following existing protocols for system outages, which includes taking certain systems offline, such as electronic health records. In addition, we are taking steps to mitigate the disruption and maintain continuity of care. To further assist and support our team in the investigation and response process, we engaged leading cybersecurity specialists and notified law enforcement. We are conducting a thorough forensics investigation as we restore full functionality and reconnect our systems.

Central to our decision-making has been and will continue to be our ability to carry out our mission in a manner that is safe and effective to those we serve.”