Worldwide Ransomware Attack Affects Area Hospitals

Jun 28, 2017

The worldwide ransomware attack that originated in the Ukraine and affecting much of Europe is now affecting San Antonio hospitals. The New Petya attack has affected mass transits systems, banks and critical infrastructure in parts of Europe. Here in San Antonio the ransomware attack has disabled a leading provider of medical dictation services from the company Nuance. 

According to an email sent to CHRISTUS Health doctors, the Petya ransomware attack has disabled the dictation service from Nuance Dragon, which is used in all aspects of hospital care from billing to referrals and consultations. Additional emails TPR has reviewed show that Nuance is also used at Methodist Healthcare Facilities. Baptist Health System San Antonio also confirmed they were affected.  


Doctors use the service in the operating theater and in making reports to other doctors who have referred patients for specialty care. One physician--who didn't want to be named--said the outage would cause horus of additional work, taking time away from patient care.

In emails to doctors officials at CHRISTUS and Methodist said they had no timetable from Nuance on when services would resume. In the interim, they recommended several options including hand written notes.

In a statement issued to TPR, CHRISTUS Health says, "This latest cyber-attack did not target CHRISTUS Health but rather another organization that serves as a vendor. We have taken steps to ensure that we remain vigilant and protect our information from threats." 

The statement goes onto say that no direct patient care has been impacted.

A Nuance employee who was not authorized to speak about the outage confirmed the attack had caused a network-wide outage.

The New Petya ransomware attack is as big as last month's WannaCry attack according to cyber security experts at Kaspersky Labs. In a blogpost this afternoon, Kaspersky wrote that New Petya was a never before seen malware program. 

Like other ransomware attacks the malware overrides a computer, encrypts the data and upon rebooting displays instructions on where to send money, or "ransom." In recent attacks this is usually requested in Bitcoin.

After a day, the Bitcoin wallet for New Petya had only collected $6000 according to cyber security experts at Dragos. 

"They knew what they were doing, this wasn't the B-team," says Dragos' senior threat hunter Daniel Gunter.

Many criticisms of the WannaCry attack was a lack of sophistication that New Petya doesn't suffer from, says Gunter, pointing to using recently patched exploits and programs that quickly pivoted if they were blocked.

Both WannaCry and now New Petya utilized cyber tools released by the group "The Shadow Brokers" two months ago, which they say were developed by the NSA.