Last week, on or before Thursday, Oct. 22, staff and administration at Cedar County Memorial Hospital became aware of an online data breach, followed by an apparent attempt to extort the hospital for a financial payment for the return of said data.
The cyber intrusion utilized a dark web program labeled as “Ragnarok” ransomware, which consisted of an alleged capturing of data, along with a threat to disseminate it, unless a ransom was paid to a veiled or unnamed entity.
On the morning of Wednesday, Oct. 28, the Cedar County Republican obtained an email regarding an ongoing cyber security incident within the hospital and immediately responded to CCMH chief executive officer Jana Witt via telephone for comment.
A voicemail was left for Witt, asking her to call the CCR office regarding the developing situation and data exposure.
Opting not to return the call, Witt instead utilized email to ask CCR staff to discard the information and offered no further explanation.
Numerous questions were then asked of Witt in a response email sent shortly after initial communications — all of which went unanswered.
Additional follow-up calls were placed to CCMH later in the day — again attempting to directly reach Witt — wherein CCR staff was directed away from Witt to a mailbox for human resources.
According to documents obtained by CCR staff, several insurance entities and nationally known law firm BakerHostetler all are involved with the early stages of the data breach.
During the initial discovery of and response to the web-based intrusion, online and digital forensics entity Speartip has been consulted, and both Speartip and Coveware, a ransomware, data recovery and negotiation support company, have taken a role in the developing situation surrounding the breach and attempted extortion.
Supporting documents show one of CCMH’s liability carriers already has OK’d an “extortion payment of up to $15,000,” with a caveat noting the decision to pay the ransom ultimately remained wholly with CCMH.
It is unknown if the hospital would be reimbursed for the funds, as insurance documents obtained by CCR staff state the hospital’s retention (essentially a deductible) is $25,000 and has a coverage ceiling of $1,000,000, in the event of a cyber liability — meaning the alleged ransomware’s financial demand likely falls under the minimum amount of monies deemed the obligation of an insurer.
Additionally, documentation obtained by CCR also shows the Federal Bureau of Investigation has been notified and the hospital is cooperating with investigators’ efforts looking into all facets of the breach.
Presently, no communication or response has been received from CCMH in relation to the data breach, though it was requested expeditiously from hospital administration and multiple outreaches were made by CCR staff on Wednesday, Oct. 28.
At time of press, the full extent of the breach and the specifics of data allegedly captured both remain unknown or unannounced by CCMH.
As additional sources are contacted and the investigation into this data breach moves forward, the CCR will continue to bring accurate and complete information to our readers as it becomes available.