Ransomware Hacker Threat Hits the Home Health Industry

An Internet scam that has been targeting everyone from ordinary online users to local police departments has now set its sights on the home health care sector.

Ransomware is one of the latest cybersecurity threats used by hackers to gain access to a person’s or organization’s sensitive data and then charge victims a price to get access back.

While the structure of the scheme may vary depending on the perpetrator behind it, the attack is typically characterized by malicious software that holds personal data files ransom behind encryption, with paying the ransom being the only way of accessing them again.

Such was the case last December, when San Antonio-based home health company Caring Senior Service fell victim to the scheme that affected a network of nearly 30 computers, reports The Detroit News.

Although most of the company’s files had been backed up in a location where hackers could not access them, those on one computer had not. As a result, hackers were able to capture marketing materials from Caring Senior Service, a franchise with 55 locations.

To get these files back, Caring Senior Service paid a $500 ransom—far less than the anticipated costs of having to create the materials from scratch.

“It would have cost us $50,000 to try to spend the time to recreate the stuff,” said Caring Senior Service President and CEO Jeff Salter in The Detroit News article.

Whether it is a single internet user or a Fortune 500 company, ransomware attacks can affect anybody, and not even the police are safe from these scams.

In June, the Durham, New Hampshire police department fell prey to ransomware when an employee clicked on a “legitimate-looking email.” In an effort to resolve the breach, the department’s 20 computers were cleared of the ransomware and files were restored from a backup system.

In another instance of a ransomware attack on law enforcement, the Swansea, Massachusetts police force ended up paying a $750 ransom, said The Detroit News.

One ransomware scheme originating in Russia even used U.S. federal law enforcement as a false front to get victims to pay up for their seized data.

The hacker group used money-stealing software known as Svpeng, which had infected as many as 350,000 Google devices last year, reports Forbes.

When targeting users in the U.S., the group displayed penalty notification letters on victims’ screens, using the official seal of the Federal Bureau of Investigation. Claiming that the victim had been looking at illegal pornographic material, the group demanded $200 in the form of Green Dot’s MoneyPak cards.

This week, the Russian Ministry of Internal Affairs announced the arrest of a 25-year-old believed to be the creator of that particular ransomware scheme.

While the attack on Caring Senior Service is one of the few known instances in which a home health care company was specifically targeted by ransomware, it surfaces as the broader health care industry comes to grips with its own susceptibility to data breaches in what some have been calling “The Year of the Healthcare Hack.”

In February, Anthem, Inc., the nation’s second-largest health insurer, garnered widespread media attention after reports surfaced that the company suffered one of the biggest data breaches disclosed by a health care company. The breach reportedly affected 80 million customers—nearly 1 in 4 Americans.

More recently, on a smaller scale, Pacific Northwest-based insurer Premera Blue Cross last month reported hackers potentially accessed the health profiles of up to 11 million customers, including sensitive data involving Social Security numbers, emails, birthdays, addresses and banking information.

Around the same time, Amedisys (NASDAQ: AMED), one of the home health industry’s biggest providers, notified nearly 7,000 of its patients who may have had their personal health information subject to a data breach.

Caring Senior Service could not be reached for comment as of press time. 

Written by Jason Oliva