Two New York hospitals, Carthage Area Hospital and Claxton-Hepburn Medical Center, are still grappling with disruptions caused by a ransomware attack that occurred on August 31. Despite the passage of weeks, both hospitals are forced to divert patients and reschedule appointments. The FBI, New York State Department of Health, and other agencies are assisting in the ongoing recovery efforts. LockBit, the ransomware group responsible, has threatened to release seized data on September 19 if a ransom is not paid, adding to the ongoing challenges faced by these healthcare facilities.
Two New York hospitals are still grappling with the aftermath of a ransomware attack that occurred on August 31, causing disruptions that persist weeks later. Carthage Area Hospital and Claxton-Hepburn Medical Center, both affected by this cyberattack, were forced to divert patients initially and are still facing the necessity of canceling appointments.
Carthage Area Hospital, a 25-bed healthcare facility, issued a press release on September 7 via its Facebook page, assuring the public that essential services like dialysis, cancer treatment, and wound care appointments would proceed as scheduled despite the ongoing situation.
Claxton-Hepburn Medical Center, a 127-bed community hospital with a specialization in pediatric and mental healthcare, shared a Facebook announcement stating that appointments at various health centers and physician offices would be rescheduled for September 13 and 14.
While phone systems were reportedly restored on September 2, both medical facilities are still rerouting ambulances to other area hospitals and rescheduling appointments for most services, including cardiology and labs.
The recovery process is ongoing and receives support from multiple agencies, including the FBI, the New York State Department of Health, and the Division of Homeland Security and Emergency Services, as reported by The Record.
Adding to the complexity of the situation, LockBit, the ransomware culprit, has threatened to release the data it seized on September 19 if a ransom is not paid, according to a recent report.
This incident is part of a larger trend where LockBit has targeted hospitals in the past to gain access to patient and employee data. In previous instances, a small Ohio hospital successfully used a ransomware recovery tool to decrypt its files following a LockBit attack, and LockBit offered a decryptor to Toronto-based SickKids as an apology in January, as documented on the dark web.
Rich Duvall, CEO of both Carthage Area Hospital and Claxton-Hepburn Medical Center, confirmed that most of their data has been recovered. However, LockBit retains protected health information and other data to support their ransom demands, as stated by Duvall in an interview with WWNY News 7: “We’ve been notified by the threat actors or the people that committed this crime; this is a ransomware attack, and they are demanding a ransom.”
