An IT services company has been hit with a $14 million ransom demand after suffering a major infection which could impact crucial patient care at many of its US nursing home clients, according to reports.
Milwaukee-based Virtual Care Provider Inc. (VCPI) provides cloud hosting, IT managed services, cybersecurity and more to clients across the country, including 110 nursing homes and acute care facilities, according to researcher Brian Krebs.
However, it apparently suffered a Ryuk infection on November 17 affecting all of its clients’ data. The firm is said to manage 80,000 endpoints and servers for its care home customers.
As well as VCPI’s own billing and payroll systems the attack crucially impacted the firm’s IT services to clients including access to patient records.
In some cases, this could be a life-threatening outage, according to CEO Karen Christianson.
“We’ve got some facilities where the nurses can’t get the drugs updated and the order put in so the drugs can arrive on time,” she told Krebs. “In another case, we have this one small assisted living place that is just a single unit that connects to billing. And if they don’t get their billing into Medicaid by December 5, they close their doors. Seniors that don’t have family to go to are then done.”
The incident follows a ransomware attack on a large French hospital last week which resulted in “very long delays in care.”
Healthcare organizations and the third-party companies that serve them are seen as potentially lucrative targets for ransomware authors as they may have less to spend on cybersecurity but are running mission critical services that they simply can’t afford to lapse.
A recent report from Emisoft revealed that there had been 491 ransomware attacks on healthcare providers between Q1 and Q3 this year.
An academic study published earlier this month claimed that data breach remediation efforts by targeted hospitals effectively led to a spike in mortality rates from heart attacks. The same researchers argued that ransomware “might have an even stronger short-term negative relationship with patient outcomes than the long-term remediation efforts studied here.”