The Memorial Health System, a healthcare provider in Ohio and West Virginia, has been struck by a ransomware attack that knocked systems offline and forced hospital staff to use paper charts.

The ransomware attack, detected on Aug. 15, was described by Memorial as an information technology security incident. As a result, user access to IT applications was suspended and temporary disruptions to aspects of clinical applications occurred.

Further, the hospital was forced to cancel all urgent surgical cases and radiology exams on Monday. Primary care appointments went ahead as scheduled.

Along with informing federal law enforcement, Memorial said it’s working with security partners to restore information as quickly as possible. Memorial claimed that there’s no known patient or employee personal or financial information believed to have been compromised.

That last statement turns out to be premature. The attack is believed to have involved the Hive ransomware gang. Hive is known to be a “double-tap” ransomware gang in which they both encrypt and steal data from victims.

Bleeping Computer reported Monday that it has seen evidence that the attackers, in this case, have stolen databases with information belonging to 200,000 patients. That data includes sensitive details such as Social Security numbers, names and dates of birth. The gang also operates a dark web page where it publishes links to stolen data when a ransom is not paid.

“The healthcare industry is one of the largest targets for cybercriminals due to protected health information being extremely profitable on dark web marketplaces because it usually contains fixed information, which hackers can use to commit identity theft for years to come,” Stephan Chenette, co-founder and chief technology officer at security optimization platform provider AttackIQ Inc., told SiliconANGLE. “Additionally, Memorial Health System is a nonprofit organization, which makes it an even more attractive target for cybercriminals because nonprofits are often viewed as having lower defensive maturity and limited cybersecurity expertise.”

Anurag Kahol, co-founder and CTO of cloud access security broker Bitglass Inc., noted that the attack places 200,000 patients at risk of identity theft and fraud.

“To counter ransomware attacks, healthcare organizations must take a proactive approach to security,” Kahol said. “A Zero Trust framework ensures that only authorized users are granted access to their networks and monitors for suspicious activity and potential threats.”

Photo: Memorial Health System