NBC News Report: Attack on Navajo Nation Hospital Far More Damaging Than First Understood
NBC News on March 3 published an article online reporting that the extent of a cyberattack from earlier this year that hit a Navajo Nation hospital in New Mexico was far more damaging than had first been reported. As NBC News’s Kevin Collier wrote, “When Rehoboth McKinley Christian Health Care Services in Gallup, New Mexico, was hit with a cyberattack earlier this year, the hospital's staff had to revert to pen and paper to keep things running. Publicly available details about the hack are scarce, and the hospital has declined to comment beyond confirming that the security breach briefly forced its staff off its computers,” he wrote. “But sensitive employee files posted online by a hacker group known for ransomware attacks and seen by NBC News indicated just how deep an attack the hospital had suffered: files on everything from job applications and background checks to staff injury reports.”
In fact, Collier wrote, “The hacker group that breached Rehoboth stole sensitive employee files, such as job applications and background check authorizations that included Social Security numbers, and posted them to its website in an apparent attempt to extort the hospital for payment.” And he quoted a surgeon who had worked at the hospital, in terms of the impact of a variety of developments there. “Seems like there’s all kinds of unfortunate things happening at that hospital over the last year, with the pandemic and everything,” Dr. Ravij Patel, a surgeon who left the hospital around the upheaval last year and who confirmed his information was posted online, told Collier.
“Rehoboth, a rural not-for-profit hospital that serves about 20,000 patients a year—a majority of them members of the Navajo Nation—was already in a difficult position,” Collier continued. “The only major nongovernment hospital in its region, Rehoboth fired its CEO last year after staffers accused him of mismanagement when it was understaffed and overrun with Covid-19 cases. Patel, as well as three other people who had worked at or applied to the hospital whose private information was also among the files that the hackers posted all told NBC News that they had not been alerted to the incident or received any notice from the hospital.”
“The idea is that if the victim won’t pay to decrypt their files, they will pay to avoid having those files widely shared,” Allan Liska, a ransomware analyst at the cybersecurity company Recorded Future, told Collier. “Some industries, such as health care, are more sensitive to having files exposed than others.” Further, Collier stated, “The hacker group did not respond to emailed questions. Earlier in February, the same gang published tens of thousands of patient medical records from two other American hospital chains it had attacked.”
Gizmodo’s Lucas Ropek wrote on March 3 that “Incidents like this are a good example of how hackers will target weak, belabored institutions, making whatever that organization is going through that much worse. Rehoboth was already under a lot of pressure prior to the attack. Not only is it one of the only medical facilities in its area, it’s also one of the primary regional healthcare providers for a population that has been ravaged by the covid-19 crisis: the indigenous tribe of the Navajo Nation. The Navajo have seen one of the highest covid infection rates in the country,” he continued. “The 175,000-person tribe—whose communities are spread across territories in Arizona, New Mexico and Utah—has seen upwards of 29,000 recorded cases and at least 1,184 deaths. The infection rate has, at times, surpassed that of New York. In December, the Navajo Times reported that some 68 chapters of the tribe were seeing ‘out of control’ infection rates. Just Tuesday, the tribe reported 14 more fatalities related to the virus.”
And, Ropek wrote, “This swell of cases is thought to have been spurred by a number of interrelated factors, including high levels of poverty, cramped living quarters and pre-existing health conditions. Limited internet access is another potential issue (indigenous tribes are thought to be some of the least “connected” populations in the country), as it may mean less access to reliable information regarding the virus and how to avoid it. Critics also say there are simply not enough healthcare resources regionally, and the federally funded healthcare entities that do exist are underfunded.”
A report by Crowdstrike offered ominous insights into current trends. In a report published on Jan. 7, Crowdstrike’s Kurt Baker wrote that “The global pandemic has caused ransomware actors to prey on certain industries. One of their main targets are healthcare organizations. Data from the 2021 CrowdStrike Global Threat Report shows that over 100 healthcare organizations have already been targeted by Big Game Hunters during COVID-19. This comes after Big Game Hunters such as TWISTED SPIDER claimed they would refrain from infecting medical organizations until the pandemic has stabilized,” Baker wrote. “As it turns out, TWISTED SPIDER was responsible for at least 26 successful healthcare ransomware infections with their Maze and Egregor families.”
Further, Baker wrote, “Another interesting trend is the increasing number of attacks that use data extortion tactics. This is summarized within CrowdStrike’s Ransomware During 2020 Infographic. There were 1,430 attacks detected by CrowdStrike Intelligence services that used data extortion according to the 2021 CrowdStrike Global Threat Report.” Indeed, he noted, “The healthcare sector was ranked in the top five targets for blackmail in ransomware data last year, with 97 incidents reported.” This is an increase of 580 percent compared to the pre-pandemic period (Q1 2020).
Baker noted that “The global pandemic has caused ransomware actors to prey on certain industries. One of their main targets are healthcare organizations. Data from the 2021 CrowdStrike Global Threat Report shows that over 100 healthcare organizations have already been targeted by Big Game Hunters during COVID-19. This comes after Big Game Hunters such as TWISTED SPIDER claimed they would refrain from infecting medical organizations until the pandemic has stabilized. As it turns out, TWISTED SPIDER was responsible for at least 26 successful healthcare ransomware infections with their Maze and Egregor families. Another interesting trend is the increasing number of attacks that use data extortion tactics. This is summarized within CrowdStrike’s Ransomware During 2020 Infographic. There were 1,430 attacks detected by CrowdStrike Intelligence services that used data extortion according to the 2021 CrowdStrike Global Threat Report,” he wrote.