When Sturdy Memorial Hospital in Attleboro, Massachusetts, was hacked in early February, it eventually decided to pay the ransom in order to protect patient information. A more recent cyberattack discovered May 31 at UF Health Central Florida and The Villages in Leesburg, Florida, has forced UF Health to resort to paper documentation.
The ransomware incidents, although hundreds of miles apart, point to a growing trend of cyberattacks aimed at health care facilities.
“We paid the ransom to obtain assurances that the information acquired without authorization would not be further distributed and had been destroyed,” Sturdy Memorial hospital spokesperson Kathi Hague told The Sun Chronicle. “We are not disclosing the amount of ransom paid. We reported the incident to the FBI.”
The personal information in jeopardy may have included names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers and financial data. Sturdy Memorial sent letters to patients informing them of the issue and recommending they keep a close watch of their financial statements. For individuals whose Social Security numbers and/or drivers’ license numbers may have been compromised, the hospital offers credit monitoring and identity protection services free of charge.
In Leesburg, meanwhile, the investigation of the ransomware attack, reported by News 6 on June 4, is ongoing as the hospital has suspended access to most system platforms, including email and computer connections between UF Health Central Florida and UF Health’s other campuses. Additionally, it has adopted paper documentation procedures and is in the process of implementing a series of backup procedures to enable staff to continue to provide inpatient and outpatient care while the IT team determines the root of the attack and potential risks to patient information.
“These types of situations take time to fully resolve,” said a statement issued by UF Health. “We are working diligently to shift back to our main systems as soon as possible.”