Derby’s Griffin Hospital website taken down in major ransomware incident
DERBY — Griffin Hospital is the indirect victim of a ransomware attack, with its website going offline this week but patient information not exposed, officials said.
The attack is being directed against Managed.com, which administers the Derby hospital’s website. In ransomware attacks, hackers encrypt data and demand payment in an untraceable cryptocurrency as a condition to restoring access. The breaches often occur in “phishing” emails sent to an individual employee to dupe them into clicking on a link that installs the ransomware software and takes a system hostage.
In entering the URL for Griffin Hospital or Managed.com, web browsers returned error messages. Griffin Health has cobbled together an alternative website at griffinhealthct.org while it deals with the issue, with the telephone switchboard remaining operable at 203-735-7421.
As of Thursday morning, the Griffin Hospital placeholder website did not furnish any information on the incident, but includes a password-enabled patient portal; a bill payment link; and information on how to schedule a test for the COVID-19 virus among other functions.
Griffin spokesperson Christian Meagher said no personal health information has been compromised in the Managed.com hack.
“There was no exposure whatsoever,” Meagher said. “Those are secure on another (system). ... The website was mostly informational and links, so that was some of the situation — people will usually go through the website to get to their health records.”
Managed.com reported on Monday an incident affecting its systems, then confirmed Tuesday it was the result of a ransomware attack. The company did not provide detailed information, but indicated it took all customer sites offline as a precautionary step and that it is working with law enforcement, with no further update as of Thursday morning.
The websites for Connecticut’s other acute-care hospitals loaded correctly as of Thursday morning. In late October, the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency warned that ransomware perpetrators were stepping up their activities against health systems. Last month, state Rep. Caroline Simmons, D-Stamford, signaled her intent to introduce legislation in next year’s Connecticut General Assembly session with the goal of better protecting Connecticut businesses and residents from ransomware and other cybersecurity threats.
Connecticut has an existing Cyber Disruption Response Plan to coordinate in the wake of any major incident, and asks entities to report all hacks including those that are unsuccessful to the Connecticut Intelligence Center at email@example.com.
Real Estate Listings
Ransomware attacks are up tenfold this year according to a survey of managed-services providers by Datto, a Norwalk company which provides data backup services. This week, the refrigerated warehouse giant Americold reported a cybersecurity incident, with several trade publications reporting it as a ransomware incident.
Other ransomware attacks this fall have hit Mattel; office furniture company Steelcase; and the company furnishing statistics used by the DraftKings and FanDuel fantasy sports websites.
Datto calculated an average cost of recovering systems at nearly $275,000. Some victim organizations choose to have their systems rebuilt rather than pay crooks, whether on principle, fears they will be targeted again, or that the perpetrators will take the money and run without restoring data.
In June, Eastern Connecticut Health Network reported that one of its hospitals was hit with malware, but that it was able to isolate the issue. Patient lab testing information was exposed on some patients, including their birth dates, but ECHN indicated it found no evidence the information has been misused at its facilities which include Manchester Memorial Hospital and Rockville General Hospital in Vernon.
Alex.Soule@scni.com; 203-842-2545; @casoulman