November 25, 2019

A Milwaukee-based company that provides technology services to more than 100 nursing homes nationwide is the victim of a ransomware attack, and hackers are demanding $14 million before they'll restore the company's access to its hijacked servers.

Virtual Care Provider Inc. informed its clients about the attack in a letter Nov. 18, which was a day after the attack was discovered. In it, the said it was working to determine if any client data had been compromised. It said about 20% of its services were affected by the virus and that it needs to rebuild 100 of its servers.

The company has been unable to pay the ransom, meaning some of the nursing homes it serves can't access , use the internet, pay employees or order medications, The Journal Sentinel reported. The Associated Press asked Virtual Care whether sensitive patient information, such as Social Security numbers and medical records, had been compromised and how many patients might have been affected. In response, the company said its "comprehensive forensic investigation into the potential scope of the incident remains ongoing."

"We have employees asking when we're going to make payroll," Karen Christianson, the company's Chief Executive Officer, told the newspaper. "But right now, all we're dealing with is getting electronic back up and life-threatening situations handled first."

The company said Monday in a statement to AP that "upon learning of this incident, we immediately launched an internal investigation and retained independent cyber security experts to assist us in our investigation and remediation efforts." The statement went on to say the company is "working diligently to restore these systems as quickly and safely as possible."

A Milwaukee security firm, Hold Security, found that that a well-known gang of Russian hackers had infected Virtual Care's computers over 14 months through malicious email attachments, the Journal Sentinel reported.

The company is the latest in the health care sector in the country to find itself targeted by ransomware.

In August, a ransomware attack crippled about 400 dental practices nationwide, including two Wisconsin companies that provide an online service to dentists' offices. The attack made patient charts, schedules, X-rays and patient ledgers inaccessible.

Last year in New Jersey, two Iranian men were indicted in the so-called SamSam attacks that targeted about 200 victims, including hospitals, municipalities and public institutions, causing more than $30 million in losses.

© 2019 The Associated Press. All rights reserved.