Cybercriminals are reportedly demanding a $14 million extortion payment after using Ryuk ransomware to infect Virtual Care Provider Inc. (VCPI), a company that provides IT consulting and cloud-based data hosting and security services to roughly 110 nursing home operations around the U.S.
The Nov. 17 attack took place at 1:30 a.m. local time, encrypting the data that Milwaukee, Wis.-based VCPI hosts for its clients, cybersecurity expert Brian Krebs reported via his blog site. The resulting fallout potentially threatens elderly patients' lives, especially with care facilities unable to access individuals' medical records and execute timely drug delivery orders. Patients could also be in danger of being displaced if certain care centers are forced to shut their doors.
In addition to patient records, the attack also affects internet access and email, client billing, phone systems and payroll operations, VCPI owner and CEO Karen Christianson told KrebsonSecurity. Altogether, VCPI is responsible for approximately 80,000 computers and servers that assist its nursing home clients, which access the data and systems they need via a Citrix-based virtual private networking platform. Restoring this access is reportedly VCPI's top priority, along with addressing any life-threatening situations.
Christianson also told Krebs that VCPI cannot afford the $14 million ransomware demand.
It was not entirely clear whether the 110 nursing homes figure cited in Krebs' article refers to 110 specific facilities or 110 nursing home companies that operate multiple facilities. Several comments in Krebs' article suggest it is actually the latter, especially when considering VCPI's use of 80,000 computers and servers. SC Media has reached out to VCPI for comment.
