PA Health System, Health IT Vendor Affected by Global “Petya” Ransomware Attack

Jan. 29, 2018
Pennsylvania-based Heritage Valley Health Systems and Nuance Communications have confirmed their companies were victims of a global ransomware cyber attack, which some are referring to as the “Petya” ransomware virus, that hit multinational companies Tuesday.

Heritage Valley Health Systems, based in Beaver, Pennsylvania, has confirmed that it was a victim of the global ransomware cyber attack, which some are referring to as the “Petya” ransomware virus, that hit multinational companies Tuesday. Companies across Europe, Russia and Ukraine were hit especially hard, as previously reported by Healthcare Informatics.

U.S.-based drug maker Merck also was impacted by the malware incident, as was Nuance Communications, a Burlington, Mass.-based technology company that provides cloud-based dictation and transcription services to hospitals and health systems.

NPR, in an online article, reports that the cyber attack has struck computers in at least 65 countries and that Microsoft says the ransomware can be traced to a Ukrainian company’s tax accounting software.

The incident at Heritage Valley affected the entire health system, including two hospitals and satellite and community locations scattered across western Pennsylvania, and the health system took its IT systems down, officials at Heritage Valley Health System stated on its website. The health system serves four Pennsylvania counties as well as parts of Ohio and West Virginia.

The health system set up a page, titled “Updates on the Cyber Security Incident at Heritage Valley Health System,” and posted at 11:35 am Tuesday, “Heritage Valley Health System has been affected by a cyber security incident. The incident is widespread and is affecting the entire health system including satellite and community locations. We have implemented downtime procedures and made operational adjustments to ensure safe patient care continues un-impeded.”

On Tuesday afternoon, the health system confirmed that the incident “has been identified as the same ransomware attack that affected a number of organizations globally. Corrective measures supplied by our antivirus software vendor have been developed and are being implemented and tested within the health system. Additionally, other restorative measures are being undertaken at this time. Heritage Valley continues to implement downtime procedures and make operational adjustments to ensure safe patient care.”

Local newspaper The Beaver County Times reported this morning that the health system was still attempting to restore its systems. The newspaper quoted Heritage Valley spokeswoman Suzanne Sakson, who stated that the health system is “confident that it has identified the cause and is systematically restoring registration, clinical patient and ancillary care systems.”

Nuance Communications confirmed via its website and on Twitter that its network also had been affected by the global malware incident. On its website, the company stated, “Nuance Communications, Inc. indicated that on Tuesday, June 27, portions of its network were affected by a global malware incident, which also affected many other companies and organizations worldwide. As soon as the company became aware of the situation, it took measures to contain the incident and assess the extent of the impact on its network. Nuance has engaged leading security experts to assist in responding to the incident.”

The company also said it would provide updates about the situation via Twitter @nuanceinc.

Several hospital users alerted the media to Nuance’s network being down prior to the company’s written confirmation. According to a Nuance company fact sheet, the company’s healthcare solutions are deployed in 86 percent of all U.S. hospitals. More than 500,000 clinicians and 10,000 healthcare facilities worldwide use the company’s clinical documentation solutions.

New Jersey-based pharmaceutical company Merck was another U.S.-based company affected by the Petya cyber attack, which demanded that victims pay a ransom or have their company networks remain locked and inaccessible. According to an article in The Washington Post, Merck also has a European presence, with an office in Ukraine, where many of the ransomware attacks were concentrated.

“Merck employees arrived at their offices Tuesday morning only to find a ransomware note on their computers,” the WP article stated. Merck confirmed via Twitter Tuesday morning that “its network was compromised as part of global hack.”

What’s more, the Washington Post article also reports, “Employees were told to get off their computers and go home, said one scientist who works at a Merck lab in New England. ‘Some people looked like they had their hardware wiped — it just shut down the whole network site,’ said the employee, who spoke on the condition of anonymity because she was not authorized to speak on the record.” All U.S. offices of Merck were affected, the employee told the Washington Post.

Homeland Security officials also responded to the global ransomware incident. In a warning sent out to U.S. Department of Health and Human Services (HHS) listservs, the U.S. Computer Emergency Readiness Team stated, “US-CERT has received multiple reports of Petya ransomware infections in many countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users' access to the infected machine until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.”

“Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB). US-CERT encourages users and administrators to review the US-CERT article on the Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010. For general advice on how to best protect against ransomware, review US-CERT Alert TA16-091A. Please report any ransomware incidents to the Internet Crime Complaint Center (IC3).”
