NRC Health Suffers Ransomware Attack

Delaware, USA – February 28, 2020 – NRC Health suffered a ransomware attack on February 11, and the company could not confirm whether any sensitive data was stolen by the attackers. NRC Health is a Lincoln company that offers performance measurement and management services for health care companies, the company works with three fourth of the largest U.S. hospital chains and collects data from more than 25 million healthcare consumers a year across the U.S. and Canada. Paul Cooper, the NRC Health’s chief information officer, said that the system was shut down immediately to stop the spreading of ransomware infection, the company notified the FBI and launched their own investigation. NRC Health “has made significant progress in restoration to our systems and services to our customers and we anticipate full restoration in the coming days,” said Paul Cooper. “At this time, there is still no evidence of unauthorized access to or acquisition of any data from our systems, including protected health information or other confidential information as a result of this incident.”

Despite the confidence of NRC Health that the attackers did not steal sensitive data, some of NRC Health’s clients were worried that there was a breach, which would require them by law to notify their patients. It is not yet known which ransomware strain was used in this attack, but now more and more cybercriminal groups are stealing data before encrypting files. According to BleepingComputer, Sodinokibi ransomware-as-a-service operators have started urging affiliates to copy their victim’s data before encrypting computers so it can be used as leverage on a new data leak site that is being launched soon. A few days before, operators of the DoppelPaymer ransomware have launched a site that they will use to publish any files that were stolen before computers were encrypted. You can secure your organization by deploying Ransomware Hunter rule pack that leverages statistical profiling and behavioral analysis methods to spot signs of ransomware attack at every stage of Cyber Kill Chain: https://my.socprime.com/en/integrations/ransomware-hunter-hpe-arcsight