DataBreaches.Net

Valley Health System recovering from ransomware attack while maintaining patient care

Posted on August 28, 2020 by Dissent

Valley Health Systems (VHS) has joined the unfortunate ranks of health systems that have fallen prey to a ransomware attack.

VHS provides primary and preventative care to approximately 75,000 patients each year in southern West Virginia, southeastern Ohio and eastern Kentucky, operating more than 40 healthcare facilities. Their 2019 annual report noted that their sliding fee program had nearly doubled from FY 2018 to FY 2019. As the report noted, the number of patients receiving discounts had not increased during 2019, but the amount of services VHS provided to the uninsured and under-insured did increase. The largest category of sliding fee patients is “Slide A,” meaning the individual or family is at 100 percent of the federal poverty level guidelines and receives the most heavily discounted or free services.

So VHS was providing more services to patients without the insurance or financial means to otherwise obtain medical care and other services VHS offers. And when the pandemic hit, VHS responded to the challenge to care for the community while protecting the safety of its staff.

None of its good deeds apparently make a bit of difference to criminals who only care about money.

When contacted by DataBreaches.net, VHS confirmed that a ransomware attack had disrupted access to some VHS computer systems. In a statement provided to this site, they explain:

Upon discovery of the incident early on August 22, we immediately implemented emergency procedures to continue providing safe patient- and family-centered care. Valley Health teams quickly initiated a comprehensive response that included engaging independent IT and forensic experts who are working around the clock to help us investigate and resolve this incident. While some of our systems are still affected, medical staff at Valley Health are still able to provide services and safe care to our patients.

Although the VHS statement does not indicate the type of ransomware or the amount of ransom demanded, the Sodinokibi (“REvil”) threat actors had identified VHS on their leak site, writing,

Hello, we have downloaded your private data, info about clients and employees and we are ready to publish it in our blog if you didn’t contact us.

next part will be with confidential information.

Actually, they already dumped some confidential information. REvil provided some screenshots and files as proof of access. One screenshot showed a Reports directory consisting of a list of folders where each folder name was a patient’s name. Another screenshot showed a patient record involving prescription opioid management.

The majority of files in the sample download section were .dcm (image) files, but many of the image files also contained text. There were also two patient folders with unencrypted patient information included.

VHS addressed the data release in their statement to this site:

Unfortunately, the threat actor has released some of our information. We are doing everything we can to understand what information is at risk and to protect patient information. We are committed to completing a full forensic review following the resolution of this outage, and we will take all appropriate action, which may include notifying affected patients, in response to our findings. We have also taken steps to notify the FBI and intend to fully cooperate with any investigation into this incident.

VHS’s statement continued:

Our providers and staff remain focused on meeting the healthcare needs of our community. Rest assured, we are maintaining our high standards of care. We sincerely apologize for the frustration and inconvenience this has caused, especially to our patients and dedicated staff. Valley Health appreciates the understanding of our community and are especially grateful for the hard work of our staff to get us through this situation.

Although some ransomware groups have publicly pledged that they do not attack medical providers, the Sodinokibi threat actors have never made any such pledge.

Category: Health Data, Malware, Of Note, U.S.
