Healthcare cyberattack latest: NextGen EHR ransomwared by AlphV/BlackCat, back to normal – 93% of healthcare orgs had 1-5 ransomware incidents

Cyberattacks on healthcare continue their drip-drip-drip. The latest is on an EHR/practice management platform used by small to enterprise-sized specialty practices, NextGen Healthcare. The hacker group associated with the AlphV/BlackCat ransomware moved into the system on 17 January. For a short time, they reportedly exhibited NextGen information on their extortion site but later took it down. NextGen reported a short-term disruption to operations. “We immediately contained the threat, secured our network, and have returned to normal operations,” a NextGen spokesperson said. “Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or exfiltration of client data. The privacy and security of our client information is of the utmost importance to us.” NextGen has also stated to this Editor that no patient data was affected.

NextGen is used by about 2,500 practices in the US, UK, India, and Canada, including over 20 specialties.

The group behind AlphV/BlackCat ransomware has an infamous history. Reputedly, the gang has been kicking around since 2012 and was the same group of charmers that attacked the Colonial Pipeline in May 2021 using the Darkside ransomware, an attack that dried out gas stations across the US East Coast. Their next ransomware edition, BlackMatter, targeted agriculture during fall 2021. Healthcare IT News, The Record/Recorded Future News

More severe attacks affecting 93% of healthcare organizations. While NextGen contained the attack quickly, both the Censinet/Ponemon Institute report and Fortified Health Security’s 2023 Horizon Report tracked 2022 healthcare data breaches and concluded that while the number of incidents didn’t change much, their severity ramped up. More from these reports, according to SC Media:

  • Over a dozen of the biggest incidents in 2022 each impacted well over 1 million records
  • Nearly half of the respondents experienced a ransomware attack in the last two years
  • 93% faced between one and five ransomware-related incidents
  • Outages lasted upwards of 35 days

The common ground with NextGen is danger to patient safety, because electronic record damage can translate quickly into unavailable patient care.

Updated: PharmaCare Services, a pharmacy management company based in Texas, is listed as a victim on BlackCat’s extortion site. They were exhibited with NextGen and remained when NextGen’s listing was challenged and then taken down. PharmaCare is staying mum on any ransomware disruptions, according to GovInfoSecurity.

One ray of hope is improved medical device security, included in the ‘omnibus’ budget package approved in late 2022. FDA will be required to enforce new standards for premarket device submissions. These include a software bill of materials, adequate evidence to demonstrate the product can be updated and patched, and a description of security testing and controls. This was before Congress in the Protecting and Transforming Cyber Health Care (PATCH) Act, which didn’t go far, but elements of which found their way into the omnibus. A needed change for medical devices and long expected by manufacturers. SC Media

It’s Alive! BlackBerry still Sparking with an ‘ultra-secure hyperconnectivity’ healthcare platform

And this Editor thought that BlackBerry had long since hung up the ‘Out Of Business’ sign. In this era of BYOD in healthcare and software systems like Blue Cedar that secure apps on these BYODs from the device past the server, the image of the ‘Crackberry’ persists–tiny keyboard, tiny screen, and the corporate-governed phone. All these loathsome features have now transitioned to iPhone 6s (tiny keyboard, tiny screen, corporate apps, locked down and trackable everything). (So much for that ‘tech will set you free’ world promised by Steve Jobs in the ‘1984’ spot, replaced by Big Brother–Ed. Donna)

BlackBerry, as a company based in Ontario, Canada, endures as a software platform minus the devices. Much like Nokia, they have taken on the world of IoT in areas demanding tight security. Their latest introduction is the BlackBerry Spark, a software platform they claim will lead the Enterprise of Things (EoT) to “ultra-secure hyperconnectivity from the kernel to the edge”. Hyperconnectivity, in their definition, will enable secure IoT equipment with consumer-friendly interfaces, leverage AI and manage smart ‘things’ regardless of operating system and existing platforms, and make military-grade security easy and intuitive for users. Spark will be available to companies (thus EoT) by the end of 2018.

BlackBerry has evidently latched on to a messy need–the lamentable lack of security in most consumer IoT devices. They have also identified the yawning gaps in security in almost every healthcare enterprise in connected devices. In Mobihealthnews, their spokespeople expanded on the technology as they are applying it to healthcare via a quantum-resistant code signing server, a new system using blockchain to deliver medical data and an operating system for secure medical devices. More details on how these are being used so far were cited in their most recent release:

  • A blockchain digital ledger for the Global Commission, an organization focused on diagnostics for children with a rare disease. One of the pilots concentrates on BlackBerry powering real-time, actionable analysis to shorten time to diagnosis.
  • A new OS for medical, QNX OS for Medical 2.0. This is described as a real-time operating system for the development of robotic surgical instruments, patient monitoring systems, infusion pumps, blood analysis systems, and other safety-critical products that must pass stringent regulatory approvals.
  • With the Mackenzie Innovation Institute (Mi2), participating in research around comprehensive security, patient privacy and intelligent connectivity in healthcare IoT.
  • Skin cancer research in Australia with the Melanoma Institute Australia.

Certainly BlackBerry is aiming for a certain sweet spot in healthcare and finding some partners all over the world, though the US seems to be absent. Will they be able to ‘crack’ it and the rest of the world? Time will tell.