This Embattled Navajo Nation Hospital Is Still Recovering From a Recent Ransomware Attack

If you want a good example of the kind of havoc a well-placed cyberattack can wreak on an already stressed healthcare system, look no further than the Rehoboth McKinley Christian Health Care Services centre in Gallup, N.M.

Rehoboth, a nonprofit hospital based in the rural northwestern part of the state, was struck by a ransomware attack back in February. The facility, which was already under significant strain from the pandemic, was floored by the attack. NBC News reports that the malware knocked staff off their computers, forcing them to revert to pen and paper — a common occurrence in such attacks:

Publicly available details about the hack are scarce, and the hospital has declined to comment beyond confirming that the security breach briefly forced its staff off its computers. But sensitive employee files posted online by a hacker group known for ransomware attacks and seen by NBC News indicated just how deep an attack the hospital had suffered: files on everything from job applications and background checks to staff injury reports.

Incidents like this are a good example of how hackers will target weak, beleaguered institutions, making whatever that organisation is going through that much worse. Indeed, Rehoboth was already under a lot of pressure. Not only is it one of the only medical facilities in its area, it’s also one of the primary regional healthcare providers for a population that has been ravaged by the covid-19 crisis: the indigenous tribe of the Navajo Nation.

The Navajo have seen one of the highest covid infection rates in the country. The 175,000-person tribe — whose communities are spread across territories in Arizona, New Mexico and Utah — has seen upwards of 29,000 recorded cases and at least 1,184 deaths. The infection rate has, at times, surpassed that of New York. In December, the Navajo Times reported that some 68 chapters of the tribe were seeing “out of control” infection rates. Just Tuesday, the tribe reported 14 more fatalities related to the virus.

This swell of cases is thought to have been spurred by a number of interrelated factors, including high levels of poverty, cramped living quarters and pre-existing health issues. Poor access to digital resources is another potential issue (indigenous tribes are thought to be some of the least “connected” populations in the country), as it may mean less access to reliable information regarding the virus and how to avoid it. Critics also say there are simply not enough healthcare resources regionally, and the federally funded healthcare entities that do exist are underfunded.

The high infection rates have put healthcare organisations under immense strain, Rehoboth being one of them. Even before the attack in February, the facility was having major problems: the CEO of the hospital was fired in June, after ongoing allegations that the facility was “unsafe, understaffed,” and “overwhelmed,” and that it had mismanaged the public health crisis.

Unfortunately, all of these weaknesses surely made Rehoboth a natural target for ransomware hackers, who seek out and exploit vulnerable institutions, leveraging their weaknesses against them in an effort to extract payment. Indeed, cyberattacks like this can be spawned by social crises — and then ultimately help exacerbate them.

In the case of Rehoboth, the gang believed to be responsible is named Conti. Files stolen in the attack are believed to have been dumped on a dark web “leak site” as leverage to push RMCH into paying the hackers:

Screenshot: Conti Ransomware Leak Site

It’s unclear whether the hospital actually paid the hackers, but the files that were previously listed on the site disappeared sometime later, NBC reports.

Of course, Rehoboth is not the only hospital to be victimized. Ransomware attacks have been a major problem for U.S. hospitals, both before and throughout the covid-19 pandemic. At the beginning of the coronavirus outbreak, some ransomware hackers claimed they would hold off on hospitals — but that promise didn’t last long. There was simply too much money to be made. Indeed, 560 healthcare facilities were impacted by ransomware last year alone, according to security firm Emsisoft.

Brett Callow, threat analyst for Emsisoft, said that it would appear that the rate of incidents in which data has been stolen and posted online by hackers has been increasing.

“In 2020, personal information, including protected health information, was stolen from healthcare providers and posted online on twelve occasions,” Callow said. “It should, however, be noted that at the beginning of 2020, only one ransomware group was overtly stealing data — Maze. Since then, more and more groups have jumped on the bandwagon, and there are now about 20 which routinely steal data. Unfortunately, this means that 2021 is likely to be a lot worse than 2020 in terms of the amount of personal information that is exposed.”