Each and every file has been encrypted on an estimated 80,000 computers owned by Virtual Care Provider Inc.
VCPI provides IT services to nursing homes in 45 states – including internet access, billing, phones, email, and client records. Hackers encrypted the entire computer networks of 110 nursing homes across the US using the notorious Ryuk strand of ransomware.
A security breach was reported in September 2018, but the ransomware infection didn’t start until November 2019. Up until that point, the disaster was preventable.
VCPI chief executive Karen Christianson told KrebsonSecurity that the attack not only stops her company dead in its tracks, but that the nursing homes face insurmountable problems if the files stay encrypted.
The nursing homes cannot pay for Medicaid or access any kind of client information, such as drug prescriptions, without the services of VCPI.
VCPI’s own payroll system has been encrypted as well, but Christianson told interviewers that life-threatening issues are top priority.
VCPI reportedly lacks the cash to pay the $14 million ransom demanded by the hackers behind the attack.