DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Valley Health System recovering from ransomware attack while maintaining patient care

Posted on August 28, 2020 by Dissent

Valley Health Systems (VHS) has joined the unfortunate ranks of health systems that have fallen prey to a ransomware attack.

VHS provides primary and preventative care to approximately 75,000 patients each year in southern West Virginia, southeastern Ohio and eastern Kentucky, operating more than 40 healthcare facilities. Their 2019 annual report noted that their sliding fee program had nearly doubled from FY 2018 to FY 2019.   As the report noted, the number of patients receiving discounts had not increased during 2019, but the amount of services VHS provided to the uninsured and under-insured did increase. The largest category of sliding fee patients is “Slide A,” meaning the individual or family is at 100 percent of the federal poverty level guidelines and receives the most heavily discounted or free services.

So VHS was providing more services to patients without the insurance or financial means to otherwise obtain medical care and other services VHS offers. And when the pandemic hit, VHS responded to the challenge to care for the community while protecting the safety of its staff.

None of its good deeds apparently make a bit of difference to criminals who only care about money.

When contacted by DataBreaches.net, VHS confirmed that a ransomware attack had disrupted access to some VHS computer systems. In a statement provided to this site, they explain:

Upon discovery of the incident early on August 22, we immediately implemented emergency procedures to continue providing safe patient- and family-centered care. Valley Health teams quickly initiated a comprehensive response that included engaging independent IT and forensic experts who are working around the clock to help us investigate and resolve this incident. While some of our systems are still affected, medical staff at Valley Health are still able to provide services and safe care to our patients.

Although the VHS statement does not indicate the type of ransomware or the amount of ransom demanded, the Sodinokibi (“REvil”) threat actors had identified VHS on their leak site, writing,

Hello, we have downloaded your private data, info about clients and employees and we are ready to publish it in our blog if you didn’t contact us.

next part will be with confidential information.

Actually, they already dumped some confidential information. REvil provided some screenshots and files as proof of access.  One screenshot showed a Reports directory consisting of a list of folders where each folder name was a patient’s name.  Another screenshot showed a patient record involving prescription opioid management.

The majority of files in the sample download section were .dcm (image) files, but many of the image files also contained text. There were also two patient folders with unencrypted patient information included.

VHS addressed the data release in their statement to this site:

Unfortunately, the threat actor has released some of our information. We are doing everything we can to understand what information is at risk and to protect patient information. We are committed to completing a full forensic review following the resolution of this outage, and we will take all appropriate action, which may include notifying affected patients, in response to our findings. We have also taken steps to notify the FBI and intend to fully cooperate with any investigation into this incident.

VHS’s statement continued:

Our providers and staff remain focused on meeting the healthcare needs of our community. Rest assured, we are maintaining our high standards of care. We sincerely apologize for the frustration and inconvenience this has caused, especially to our patients and dedicated staff. Valley Health appreciates the understanding of our community and are especially grateful for the hard work of our staff to get us through this situation.

Although some ransomware groups have publicly pledged that they do not attack medical providers,  the Sodinokibi threat actors have never made any such pledge.

Category: Health DataMalwareOf NoteU.S.

Post navigation

← Over 54,000 scanned NSW driver’s licences found in open cloud storage
ANNOUNCE: Free cybersecurity help for Canadian charities and non-profits →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.
  • Websites selling hacking tools to cybercriminals seized
  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The US Is Storing Migrant Children’s DNA in a Criminal Database
  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report