Archive for March 25, 2024

HYAS Threat Intel Report Is Now Out

Posted in Commentary with tags on March 25, 2024 by itnerd

HYAS Infosec has just issued its Threat Intel Report for March 25, 2024, in which HYAS Threat Intelligence Security Engineer David Brunsdon details:

  • Top ASNs Under Observation
  • The most active malware families during the week that’s just ended.

The report includes specific details on each ASN, including an organizational description and location, recent activity, organization type (hosting, ISP, telco) and recommendations for protecting organizations.

For the Top Malware Families Under Observation, the report provides descriptions of each threat, recent activities, specific risks and potential impacts, and recommendations for mitigation and tightening security posture against the threat.

Nursing Home Provider Files For Bankruptcy After Getting Pwned Twice

Posted in Commentary with tags on March 25, 2024 by itnerd

Last week, Illinois-based Petersen Health Care, known for its extensive network of nursing homes across the US, filed for bankruptcy following the impact of two cyberattacks on its systems and defaults on its loans.

Petersen Health Care operates over 90 nursing homes with nearly 4,000 employees and a capacity to accommodate 6,796 residents, with services ranging from assisted living to hospice care in Illinois, Missouri, and Iowa. While the company had more than $339 million in revenue last year, its debts were more than $295 million.

In October 2023, a cyberattack claimed by the Cactus ransomware gang compromised the company’s network and led to the exposure of sensitive information. 

Petersen had attempted to restructure its debt, but the cyberattack forced the company to replace its servers, email addresses, and software, and consequently caused the company to lose a significant amount of its business records, resulting in “incredible difficulty and delay” in its attempts to bill customers and insurers, according to court filings.

The ransomware attack on UnitedHealth Group’s Change Healthcare, a major payor for Petersen, further exacerbated Petersen’s financial difficulties.

In the fallout from the two ransomware attacks, Petersen missed payments on $45 million of HUD loans, causing lenders to place 19 of its locations into receivership. Petersen has worked to transition those locations to the receiver’s control but has struggled to keep up with “demand-after-demand from the receiver” while also working to address its larger debt issues, which has further disrupted the company’s operations and compounded its financial woes.

Steve Hahn, Executive VP, BullWall:

   “This is the first of many to come. Blackcat (AlphV), the largest player in the Ransomware space, has specifically said they will focus most of their attention on US Healthcare organizations as a result of the FBI-led attack on Blackcat’s infrastructure. The FBI claimed they “took down” Blackcat, but within 24 hours Blackcat proved otherwise, continuing attacks and saying specifically that US healthcare would be targeted more as a result. Considering this group is Russia-based, there are economic principles at play here, as this group has likely pulled in close to a billion dollars in Ransom in 2023, but it is also geo-political, as many members of Blackcat have ties to former KGB bosses running the criminal underground and Putin was the head of the KGB. We believe he provides them cover in exchange for targeting the sectors Putin wants targeted. 

   “Their attacks have been financially ruinous to many. United Healthcare recently paid $22 million to this group to decrypt their data after being hit with Ransomware, but that’s peanuts compared to the billions in lost prescription refills caused by the attack. Truly, the impacts of this will likely be over $5 billion when the dust settles. Attacks on hospitals, such as the Lehigh Valley Health Network, not only encrypted data but the threat actor extorted the hospital for millions more, threatening to release hundreds of photos of breast cancer patients in states of undress. They trickled these out in batches as they demanded payment. It’s not certain how much they paid to the threat actor group, but the lawsuits will be ruinous to that health network as a result. 

   “Healthcare networks are easy targets. Massive numbers of IoT devices, doctors accessing systems with personal devices, thousands of connected providers and a sprawling attack surface make them sitting ducks. On top of that, they have to pay to get their systems up and running or there will be loss of life. 

   “Another group of hospitals was recently hit in the Northeast and had to suspend operations as they transferred patients to other providers. It’s unknowable how many people have lost their lives in 2023 because of these attacks, but we know healthcare will continue to be the top target, that healthcare services will be impacted and the financial strain on these systems will cost hundreds of billions for our economy. Exactly what Russia wants. 

   “For healthcare, it’s not a matter of “if”, it’s a matter of “when”. And they need backup plans, recovery plans and rapid containment plans to limit the effects. They can’t stop these, but they can minimize their impact.”

Getting pwned has a cost. And that cost can be anything from expensive to terminal for a business. This is why every organization needs to wrap their heads around prevention and mitigation as a strategy, so they never have to find out what the cost of getting pwned is for them.

Two Municipalities Pwned In Cyberattacks In The Last Week

Posted in Commentary with tags on March 25, 2024 by itnerd

Jacksonville Beach joins a growing list of municipalities to suffer a cyberattack, disclosing just last week that 48,949 people had their names and social security numbers exposed during a January cyberattack. 

“On or about January 29, 2024, [City of Jacksonville Beach] began experiencing information system issues as a result of a cybersecurity event,” the city said.

The LockBit ransomware group claimed the attack back in February. In a statement posted to its website last week, the City confirmed the LockBit claim and said it is still working with federal law enforcement on the investigation. 

“This investigation determined that certain files in COJB systems were subject to unauthorized access and that information may have been taken from the network between January 22, 2024 through January 29, 2024. As a result, COJB began a thorough review of the data stored within these files to determine the type of information that was contained within them and to whom the information relates.”

Another Florida city, Pensacola, announced a cyberattack earlier in the week that caused serious issues for the local government, making it the 21st U.S. municipality to suffer a cyberattack this year, according to cybersecurity expert Brett Callow.

BullWall executive Carol Volk had this to say:

   “This Jacksonville cyberattack echoes the severity of similar incidents like the one in Dallas, TX last fall and in Oakland, CA earlier that year. Just like those attacks, this not only disrupted essential services but also compromised sensitive personal data. With 48,949 individuals’ names and social security numbers exposed, the repercussions are profound.

   “Data breaches of this magnitude lead to identity theft and financial losses for both citizens and institutions. The perpetrators’ demand for ransom adds another layer of complexity, potentially causing further financial and reputational harm to the municipality. The week-long disruption to city services underscores the immediate impact, while the long-term effects on infrastructure and security cannot be overlooked. We’ve all seen the consequences when critical services like hospitals are incapacitated for days.

   “This incident emphasizes the urgent need for robust cybersecurity measures to defend against evolving threats. Implementing proactive strategies and response protocols, including response and containment measures, is essential to safeguard against such attacks, as there is no end in sight to these sorts of attacks.”

To be clear, it isn’t just US municipalities that are the targets of cyberattacks. Hamilton, Ontario and Huntsville, Ontario here in Canada have been pwned too. That illustrates not only that this is a huge problem, but also that municipalities need to wrap their heads around it, or this will get out of control quickly, like we’ve seen in the healthcare space.

Someone Is Targeting Apple iCloud Users With A High Effort Attack To Take Over Apple iCloud Accounts

Posted in Commentary with tags on March 25, 2024 by itnerd

A series of targeted attacks designed to hijack iCloud accounts by flooding the user’s devices with Apple ID password-reset prompts is apparently making the rounds. The key word is targeted, as at the moment it appears that only specific individuals are being hit with this attack.

The attack goes something like this:

  • The target is flooded with password-reset prompts on all of their Apple devices. The threat actors’ logic is that if they send enough prompts, the target will eventually approve one, either by accident or just to make the prompts stop.
  • If that doesn’t work, the target gets a phone call from “Apple Support”, which isn’t really Apple Support. The caller ID is spoofed to show the real Apple Support number so the call looks legitimate.
  • “Apple Support” then uses open source intelligence to present the target with personal information they claim to be “validating”, and proceeds to talk the target into approving a reset prompt or reading out the One Time Password code. A target who does either of those things will have their Apple iCloud account taken over.
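The flood in the first step is the part of this attack that leaves a trace on the server side: many reset prompts for one account in a short window, often followed by a single approval. The following is an added example, not code from the original post and not anything Apple runs. It assumes a hypothetical log format of one event per line (`<ISO timestamp> <account> <event>`, with events PROMPT_SENT, PROMPT_DENIED and PROMPT_APPROVED) and shows both a detector for prompt bombing over constructed sample lines and the obvious server-side mitigation, a per-account throttle that stops sending prompts once a threshold is hit.

```python
"""Detect and throttle MFA/OTP prompt bombing.

Added example; hypothetical log format and thresholds, not Apple's.
Each log line is "<ISO timestamp> <account> <event>" where event is one of
PROMPT_SENT, PROMPT_DENIED, PROMPT_APPROVED.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: alice approves one legitimate prompt; bob is
# hammered with reset prompts until one approval slips through.
SAMPLE_LOG = """\
2024-03-23T09:00:00 alice@example.com PROMPT_SENT
2024-03-23T09:00:05 alice@example.com PROMPT_APPROVED
2024-03-23T10:00:00 bob@example.com PROMPT_SENT
2024-03-23T10:00:12 bob@example.com PROMPT_DENIED
2024-03-23T10:00:20 bob@example.com PROMPT_SENT
2024-03-23T10:00:31 bob@example.com PROMPT_DENIED
2024-03-23T10:00:40 bob@example.com PROMPT_SENT
2024-03-23T10:00:48 bob@example.com PROMPT_DENIED
2024-03-23T10:01:00 bob@example.com PROMPT_SENT
2024-03-23T10:01:15 bob@example.com PROMPT_DENIED
2024-03-23T10:01:30 bob@example.com PROMPT_SENT
2024-03-23T10:01:44 bob@example.com PROMPT_DENIED
2024-03-23T10:02:00 bob@example.com PROMPT_SENT
2024-03-23T10:02:09 bob@example.com PROMPT_APPROVED
"""

FLOOD_THRESHOLD = 5            # prompts per account inside WINDOW (assumed tuning)
WINDOW = timedelta(minutes=10)


def parse_ts(text):
    """Parse the ISO-8601 timestamp used in the hypothetical log format."""
    return datetime.fromisoformat(text)


def _drop_expired(queue, now, window):
    """Evict timestamps older than `window` from the left of a deque."""
    while queue and now - queue[0] > window:
        queue.popleft()


def detect_prompt_bombing(log_text, threshold=FLOOD_THRESHOLD, window=WINDOW):
    """Return findings as (account, timestamp, kind) tuples.

    kind == "flood":               the account received `threshold` prompts
                                   inside `window` (reported once per flood)
    kind == "approval_after_flood": a prompt was approved while the account
                                   was still inside a flood window, i.e. the
                                   likely moment of takeover
    """
    sent = defaultdict(deque)      # account -> PROMPT_SENT timestamps in window
    last_flood = {}                # account -> timestamp the flood was flagged
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, account, event = line.split()
        ts = parse_ts(ts_text)
        if event == "PROMPT_SENT":
            q = sent[account]
            q.append(ts)
            _drop_expired(q, ts, window)
            in_flood = account in last_flood and ts - last_flood[account] <= window
            if len(q) >= threshold and not in_flood:
                last_flood[account] = ts
                findings.append((account, ts, "flood"))
        elif event == "PROMPT_APPROVED":
            if account in last_flood and ts - last_flood[account] <= window:
                findings.append((account, ts, "approval_after_flood"))
    return findings


class PromptThrottle:
    """Server-side mitigation: refuse to send another prompt to an account
    once `limit` prompts have gone out inside `window`. Only prompts that
    were actually sent are counted, so the account recovers automatically
    when the window slides past the flood."""

    def __init__(self, limit=FLOOD_THRESHOLD, window=WINDOW):
        self.limit, self.window = limit, window
        self.sent = defaultdict(deque)

    def allow(self, account, now):
        q = self.sent[account]
        _drop_expired(q, now, self.window)
        if len(q) >= self.limit:
            return False           # drop the prompt; the user never sees it
        q.append(now)
        return True


if __name__ == "__main__":
    for account, ts, kind in detect_prompt_bombing(SAMPLE_LOG):
        print(f"{ts.isoformat()} {account}: {kind}")
```

Against the sample log the detector flags bob at the fifth prompt and again at the approval that follows it, while alice’s single prompt-and-approve never trips it. The throttle is the same sliding window applied before a prompt is sent rather than after the fact; with a limit of five, an attacker who needs dozens of prompts to wear a target down gets five and then silence until the window expires.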

One person who was targeted by this attack posted his experience on Twitter, and I encourage you to read the whole thread:

To be clear: Apple would never behave in this manner. Apple will not call you out of the blue, and it will never ask you to hand over a One Time Password code. Or put another way, you should never give anyone that code. EVER. Thus every Apple user needs to be on guard for this attack. Today it is highly targeted, but in the future it could broaden out to anyone, which makes it highly dangerous. In the meantime, I wonder what, if anything, Apple could do about it. Apple can’t do anything about a spoofed caller ID, but the flood of reset prompts is something that should be possible to rate-limit on Apple’s side, and that is the part of the attack worth closing off.