Sophie Carson, Milwaukee Journal Sentinel
Russian hackers are holding hostage data from a Milwaukee-based company that provides technology services to more than 100 nursing homes across the country after the company couldn't afford a $14 million ransom demand.
The hack against Virtual Care Provider Inc., which provides internet security and data storage services to nursing homes and acute-care facilities, means that some locations cannot access patient records, use the internet, pay employees or order crucial medications.
Virtual Care Provider Inc. said on its website it was working to restore services after the Nov. 17 attack. In an interview with cybersecurity reporter Brian Krebs, who runs the blog KrebsOnSecurity.com, chief executive Karen Christianson said the ransomware attack has affected 80,000 computers.
Some affected facilities could be forced out of business, and patients' health is at risk if the data is not accessible, Christianson told Krebs.
“We have employees asking when we’re going to make payroll,” Christianson said. “But right now all we’re dealing with is getting electronic medical records back up and life-threatening situations handled first.”
In a statement to the Milwaukee Journal Sentinel on Saturday night, Virtual Care President Zachary Koch said the company has launched an internal investigation and hired security experts.
"We take seriously our responsibility to protect the security and privacy of our customers’ data and are working diligently to restore these systems as quickly and safely as possible. Our investigation remains ongoing. We regret any concern this may cause," it reads in part.
The impact on the 110 health care facilities varies based on how much data each gave Virtual Care, Krebs told the Journal Sentinel. Some might have simply used the company for tech support, while others relied on the firm to host their websites, email systems, phone lines and patient records.
In Wisconsin, the Lutheran Home and Harwood Place in Wauwatosa, which contract with the company for their IT services, were affected by the breach. But it did not disrupt patient care because it has a parallel system for accessing medical records, said Stephanie Leanes, director of caregiver support for the facilities.