DataBreaches.Net

Valley Health System recovering from ransomware attack while maintaining patient care

Posted on August 28, 2020 by Dissent

Valley Health Systems (VHS) has joined the unfortunate ranks of health systems that have fallen prey to a ransomware attack.

VHS provides primary and preventative care to approximately 75,000 patients each year in southern West Virginia, southeastern Ohio and eastern Kentucky, operating more than 40 healthcare facilities. Their 2019 annual report noted that their sliding fee program had nearly doubled from FY 2018 to FY 2019. As the report noted, the number of patients receiving discounts had not increased during 2019, but the amount of services VHS provided to the uninsured and under-insured did increase. The largest category of sliding fee patients is “Slide A,” meaning the individual or family is at 100 percent of the federal poverty level guidelines and receives the most heavily discounted or free services.

So VHS was providing more services to patients without the insurance or financial means to otherwise obtain medical care and other services VHS offers. And when the pandemic hit, VHS responded to the challenge to care for the community while protecting the safety of its staff.

None of its good deeds apparently make a bit of difference to criminals who only care about money.

When contacted by DataBreaches.net, VHS confirmed that a ransomware attack had disrupted access to some VHS computer systems. In a statement provided to this site, they explain:

Upon discovery of the incident early on August 22, we immediately implemented emergency procedures to continue providing safe patient- and family-centered care. Valley Health teams quickly initiated a comprehensive response that included engaging independent IT and forensic experts who are working around the clock to help us investigate and resolve this incident. While some of our systems are still affected, medical staff at Valley Health are still able to provide services and safe care to our patients.

Although the VHS statement does not indicate the type of ransomware or the amount of ransom demanded, the Sodinokibi (“REvil”) threat actors had identified VHS on their leak site, writing,

Hello, we have downloaded your private data, info about clients and employees and we are ready to publish it in our blog if you didn’t contact us.

next part will be with confidential information.

Actually, they already dumped some confidential information. REvil provided some screenshots and files as proof of access. One screenshot showed a Reports directory consisting of a list of folders where each folder name was a patient’s name. Another screenshot showed a patient record involving prescription opioid management.

The majority of files in the sample download section were .dcm (image) files, but many of the image files also contained text. There were also two patient folders with unencrypted patient information included.

VHS addressed the data release in their statement to this site:

Unfortunately, the threat actor has released some of our information. We are doing everything we can to understand what information is at risk and to protect patient information. We are committed to completing a full forensic review following the resolution of this outage, and we will take all appropriate action, which may include notifying affected patients, in response to our findings. We have also taken steps to notify the FBI and intend to fully cooperate with any investigation into this incident.

VHS’s statement continued:

Our providers and staff remain focused on meeting the healthcare needs of our community. Rest assured, we are maintaining our high standards of care. We sincerely apologize for the frustration and inconvenience this has caused, especially to our patients and dedicated staff. Valley Health appreciates the understanding of our community and are especially grateful for the hard work of our staff to get us through this situation.

Although some ransomware groups have publicly pledged that they do not attack medical providers, the Sodinokibi threat actors have never made any such pledge.

Category: Health Data, Malware, Of Note, U.S.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.