EXECUTIVE SUMMARY:

Across the United States, healthcare providers are struggling to process payments due to a week-long ransomware outage affecting a linchpin group within the American healthcare industry.

According to the American Hospital Association (AHA), which represents nearly 5,000 hospitals, healthcare networks, and other healthcare providers, some large hospital chains cannot process payments at all.

Smaller healthcare enterprises say that they are running low on cash, while sole proprietorships (e.g., therapists) are on the brink of business collapse on account of the ongoing payment processing problems.

What happened

Reuters’ journalists were unable to gauge the full scale of the issue by press time; however, at least six small businesses across the country – one laboratory and five therapists – stated that they cannot process claims and have thousands of dollars’ worth of overdue payments.

“We are 100 percent down when it comes to billing right now,” said Phil Seubring, the legal director of Michigan-based lab Forensic Fluids.

“I am not getting paid,” reported Junna Wolfson, a California-based clinical social worker who provides therapy to roughly 30 patients per week.

The issue has also affected electronic pharmacy refills and insurance transactions. Some have had to revert to using pen and paper.

Analyst insight

Most healthcare entities aren’t sufficiently resilient to sustain themselves for long throughout this type of outage. While larger organizations will fare better due to their more extensive resources and cash reserves, smaller healthcare groups may suffer.

Restoring core services in the wake of a ransomware attack can take as long as 30 days. For less critical functions, the process can be even more protracted.

Payment clearing

Whether or not payment clearing could be temporarily rerouted through an unaffected group remains to be seen. Hospitals are anxious to hear about workarounds.

Although some healthcare groups may be able to submit claims through an alternate clearing house, the associated fees may eat up a large percentage of the profits.

Nation-state attack

Who’s behind this mess? Thus far, the culprit appears to be a nation-state group: the cybercriminal gang known as BlackCat or ALPHV.

BlackCat or ALPHV’s activities have resulted in hundreds of millions of dollars in losses worldwide.

In December of last year, the F.B.I. attempted to dismantle the ransomware ring. While BlackCat/ALPHV was offline for a time, it seems to have revived its operations quickly.

Industry action-items

On Tuesday of this week, the F.B.I., the U.S. Cybersecurity and Infrastructure Security Agency, and the U.S. Department of Health and Human Services warned hospitals and healthcare facilities, saying that BlackCat/ALPHV threat actors are exploring opportunities to disrupt systems.

The advisory noted that hospitals should close unused network ports, remove applications that aren’t needed for day-to-day operations, and prioritize the remediation of known vulnerabilities that are under active exploitation.

Further details

The U.S. Department of State is offering a $10 million reward for information about the identity and location of BlackCat/ALPHV’s leadership. It’s offering an additional $5 million for information resulting in the arrest or conviction of the group’s members.

For more on this story, please visit Reuters.