Healthcare malware attack caused by Russian intelligence

Featured image

Share this article

Pacific Alliance Medical Center ransomware attack affects 263,000 individuals

In 2017, malware crippled Heritage Valley Health System (HVHS), which has various facilities in western Pennsylvania, parts of eastern Ohio, and the panhandle of West Virginia.

In the short term, the attack impaired HVHS’ ability to provide normal patient care. And in the long term, authorities have discovered that the threat actors damaged more than just a single organization.

This assault appears to be part of a wider strategy by Russian nationals to systematically breach computer systems worldwide.

What happened

The original attack on HVHS occurred on June 27, 2017. Malware (or malicious software) rendered computer systems inaccessible at two hospitals, 60 physician offices, and 18 satellite facilities.

The affected systems contained protected health information (PHI) from patient lists, medical history and physical examination files, and lab records. Thankfully, there was no evidence that the cyberattackers stole or exfiltrated PHI.


Access to critical functions (e.g., cardiology, nuclear medicine, radiology, and surgery) were unusable for a week. In fact, HVHS had to reschedule some surgeries.

In the official 2017 statement, HVHS president Norm Mitry declared:

Through regular mock disaster drills the leadership, physicians and staff train to maintain quality care delivery in any situation. During this time we implemented downtime procedures until systems could be restored.

According to the Justice Department, the breach cost HVHS $2 million to recover.

Conspirators from the Russian Main Intelligence Directorate carried out these attacks. There is no indication that HVHS was specifically targeted.

Global, systematic cyberattacks

According to the October 19, 2020, federal indictment, six hackers and their co-conspirators “deployed destructive malware and took other disruptive actions, for the strategic benefit of Russia, through unauthorized access to victim computers (hacking).”

One of the defendants was also previously charged for interference with the U.S. 2016 presidential elections.

The indictment lists the conspirators as undermining, retaliating against, or otherwise destabilizing computer systems:

  1. 2015–2016 Ukrainian government and other critical infrastructure – malware (BlackEnergy, KillDisk, and Industroyer)
  2. 2017 French presidential elections – spear phishing
  3. 2017 businesses worldwide (including HVHS) – malware (NotPetya)
  4. 2018 efforts to hold Russia accountable for Novichok (nerve agent) attacks – spear phishing
  5. 2018 PyeongChang Winter Olympics – spear phishing and malware (Olympic Destroyer)
  6. 2018–2019 Georgian companies and governmental entities – spear phishing

Cybersecurity professionals tracked these conspirators to even more ransomware such as Sandworm Team, Telebots, Voodoo Bear, and Iron Viking.

RELATED: The Costs of Ransomware Attacks

NotPetya hit several businesses worldwide, along with HVHS, on June 27, 2017. The malware (technically not ransomware) encrypts everything and severely harms a computer’s hard drive. Moreover, its most damaging aspect is the ability to spread on its own.

RELATED: Our Thoughts on Petya and Future Ransomware Variants

Combined losses from the three known NotPetya attacks totaled $1 billion.

What does the indictment mean?

Within the U.S. indictment, the court charged the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.

The men, however, are unlikely to be extradited to the U.S. to face the charges.

Rather than focus on this, however, the case could instead become a deterrence to others as well as a means to hold Russia and hackers worldwide accountable for their actions.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said John C. Demers, Assistant Attorney General for National Security.

And finally, the indictment could perhaps be used as a learning device for organizations to combat future nation-state cyberattacks—particularly now, as international professionals and organizations have joined together to fight growing malware attacks during the pandemic.

RELATED: Report Warns of Imminent Cybersecurity Threat to U.S. Healthcare Providers

Learning how certain attacks and malware are connected will only provide a means to block them in the future.

How can healthcare organizations protect themselves?

The main question is: How can healthcare organizations protect themselves against malware and nation-state cyberattacks?

Ultimately, the best cybersecurity strategy will always include multiple layers:

Paubox Email Suite Plus employs a strong email filter to stop the onslaught of inbound phishing emails and malware from entering any system through an inbox. And our ExecProtect feature helps protect against display name spoofing.

Don’t let your employees or your organization become a victim of a breach, especially one caused by another nation maliciously. Use the right tools and knowledge to build strong cybersecurity today.

Try Paubox Email Suite Plus for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022