It has been reported that the gang is now auctioning the system’s stolen data through its darknet website. If it is not purchased at auction within six days, the gang has vowed to leak the data.
However, there appeared to be dozens of folders with an undisclosed amount of data, mostly concerning finances, but nothing related to medical records of patients.
The gang claimed that Crozer-Keystone Health System failed to pay for the ransom they demanded in Bitcoin (BTC).
Likewise, the healthcare system addressed the incident through DataBreaches.net. They did not provide details regarding the ransom amount, or confirm whether patient data was compromised.
The healthcare system stated:
“After quickly identifying a recent malware attack, the Crozer-Keystone information technology team took immediate action and began remediating impacted systems. Having isolated the intrusion, we took necessary systems offline to prevent further risk. We completed this work in collaboration with cybersecurity professionals across our healthcare system and are currently conducting a full investigation of the issue.”
Brett Callow, the threat analyst at malware lab Emsisoft, said:
“Attacking a hospital system is a despicable and unconscionable act, especially in the middle of a pandemic. A number of ransomware groups stated they would not attack healthcare providers for the duration of the pandemic and, somewhat surprisingly, they have been good to their word. NetWalker was not one of those groups.”
As per the report, Callow warned about the dangers of such attacks by noting that they can be extremely disruptive and potentially put lives at risk. He recalled that during previous incidents, hospitals have had to effectively close their doors and reroute emergency patients to other hospitals.
Thus, he said:
“This is the last thing that’s needed at a time when healthcare services are already stretched to the limit due to Covid-19.”