Valley Health System experienced a ransomware attack.
VHS provides primary and preventative care to approximately 75,000 patients each year in southern West Virginia, southeastern Ohio, and eastern Kentucky, operating more than 40 healthcare facilities.
The attack disrupted access to some VHS computer systems.
The Sodinokibi (“REvil”) threat actors identified VHS on their leak site and threatened to publish data such as private data, information about clients and employees, and confidential information if they were not contacted.
REvil provided some screenshots and files as proof of access.
One screenshot showed a Reports directory consisting of a list of folders where each folder name was a patient’s name. Another screenshot showed a patient record involving prescription opioid management.
TPRM report: https://scoringcyber.rankiteo.com/company/valley-health-system_2
"id": "val05725123",
"linkid": "valley-health-system_2",
"type": "Ransomware",
"date": "08/2020",
"severity": "75",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 75000,
'industry': 'Healthcare',
'location': ['Southern West Virginia',
'Southeastern Ohio',
'Eastern Kentucky'],
'name': 'Valley Health System',
'type': 'Healthcare'}],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['Patient records', 'Reports directory'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Private data',
'Information about clients and '
'employees',
'Confidential information',
'Patient records']},
'description': 'Valley Health System (VHS) experienced a ransomware attack '
'that disrupted access to some of its computer systems. The '
'Sodinokibi (REvil) threat actors identified VHS on their leak '
'site and threatened to publish data such as private data, '
'information about clients and employees, and confidential '
'information if not contacted. REvil provided screenshots and '
'files as proof of access, including a patient record '
'involving prescription opioid management.',
'impact': {'data_compromised': ['Private data',
'Information about clients and employees',
'Confidential information',
'Patient records'],
'systems_affected': 'Some VHS computer systems'},
'motivation': 'Data Exfiltration and Extortion',
'ransomware': {'data_exfiltration': True,
'ransomware_strain': 'Sodinokibi (REvil)'},
'threat_actor': 'Sodinokibi (REvil)',
'title': 'Ransomware Attack on Valley Health System',
'type': 'Ransomware'}