Hackers Target 100+ Nursing Homes in Ransomware Attack

A ransomware attack has hit a tech services provider, locking more than 100 nursing homes out of patient records, payroll systems, and medication-ordering services.

Milwaukee, Wisconsin-based Virtual Care Provider notified clients of the attack the day after it was discovered. About 20% of the company’s servers have been affected so far. VCP says it does not yet know if client data has been compromised. Hackers are demanding $14 million to relinquish control of the company’s systems.

The consequences of the attack could be devastating. Some nursing homes cannot access patient records or order medication. Some doubt they will be able to process employee payroll, says VCP CEO Karen Christianson.  

For nursing homes and other healthcare providers, an interruption in everyday operations can have dire, even life-threatening consequences. Mike Christman, section chief for the FBI's cyber division, told 60 Minutes in August that cyberattacks mostly target healthcare institutions and government agencies precisely because of the high stakes.

VCP says it has launched an internal investigation and is working to estimate damage, restore systems, and beef up defenses.

Cybersecurity firm Hold Security told the Milwaukee Journal Sentinel that Russian hackers have targeted Virtual Care Provider with malicious email attachments for more than 14 months.