Report: Appalachian Regional Healthcare attack may have been ransomware

Cyber insurance is no longer optional in hospitality

A hack of Appalachian Regional Healthcare’s electronic communications and web-based services late last month is still causing headaches for the provider, with The Register-Herald reporting a hospital source has said the attackers are demanding a ransom.

A patient of the Kentucky-based health system says that when she went to see her doctor, she was told that results from respiratory tests were not available because of the hack, according to the article.

In seeking comment from ARH last Friday, the Register-Herald was told that the CEO was out of the office. The newspaper, according to the article, also received an email from ARH’s Chief Legal Officer Rick King threatening "legal action" for "deliberately publish[ing] statements" that show the hospital in a "false light."

In a statement posted Aug. 29 to the health system’s website, ARH Vice President of Medical Affairs Maria Braman said all patient care, registration, medication, imaging and lab services were being handled manually.

All patients, she added in the statement, were asked to bring prescribed medications and medical history information with them when visiting ARH physician practices or emergency departments.

A lack of cybersecurity skills is creating vulnerability across industry sectors, with healthcare especially vulnerable, according to a survey commissioned by the Center for Strategic and International Studies.