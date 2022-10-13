CHI Health is still working to recover from what it is now calling a ransomware attack.
The health system, which owns two Lincoln hospitals, St. Elizabeth and Nebraska Heart, as well as a number of clinics in Lincoln, had originally termed the attack on its parent company, CommonSpirit Health, as an "IT incident."
The ALPHV ransomware gang, also known as Black Cat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack. When ransomware gangs conduct attacks, they quietly steal corporate data. After harvesting everything of value, the threat actor starts to encrypt devices.
A ransomware attack typically involves infecting a computer or computer system with malware, which can be done by someone manually loading infected software or by clicking on a malicious link in an email or on a website. The goal of the attack is to gain control over computer systems or files, rendering them unusable.
Once the attackers are in, they are able to demand ransom from organizations in exchange for an encryption key.
“Upon discovering the ransomware attack, CommonSpirit took immediate steps to protect our systems, contain the incident, begin an investigation and ensure continuity of care," CHI Health said in a statement released Wednesday night. "Patients continue to receive the highest quality of care, and we are providing relevant updates on the ongoing situation to our patients, employees and caregivers. Patient care remains our utmost priority and we apologize for any inconvenience this matter has created."
Since the attack was first reported in early October, CHI Health has said it has had to reschedule or delay some appointments and procedures.
"Our facilities are following existing protocols for system outages, which includes taking certain systems offline, such as electronic health records. In addition, we are taking steps to mitigate the disruption and maintain continuity of care," CHI Health said in the statement.
"To further assist and support our team in the investigation and response process, we engaged leading cybersecurity specialists and notified law enforcement. We are conducting a thorough forensics investigation as we restore full functionality and reconnect our systems."
CommonSpirit has not said publicly whether the attack has affected all of its 1,000 care sites, including 140 hospitals, in 21 states. It also has not said whether any patient personal or medical data was stolen.
If it has, it could be, “the most significant attack on the health care sector to date,” Brett Callow, a threat analyst with cybersecurity provider Emsisoft, told The Associated Press last week.
