R1 RCM, one of the nation’s largest revenue cycle management companies, has acknowledged it has taken down part of its systems in response to a ransomware attack, which began more than a week ago, according to a published report.
A ransomware attack occurs when hackers breach an organization’s information technology defenses and threaten to either permanently block access to data or publish it unless the organization pays a certain amount of money. The average ransom payment increased by more than 1,000% between 2018 and 2019, according to one report, and averages more than $84,000. In some cases, hackers have been able to extract more than $1 million from organizations during ransomware attacks.
The report did not indicate whether R1 paid the ransom or how much was being asked for. The report did say the likely culprit was phishing malware known as Defray. Those who have used Defray in the past have been known to hide the malware in booby-trapped Microsoft Office documents attached to email messages. An unknowing user clicks to open the attachment and unleashes the malware onto the user’s computer, allowing it to propagate to any machine that computer is connected to, virtually or otherwise.
Many hackers had pledged not to attack healthcare organizations during the COVID-19 pandemic, but that truce may be over, according to the report. About 75% of healthcare companies do not use technology that scans incoming emails and quarantines or deletes messages suspected of containing malware, according to one report.
The timing of the attack was also possibly coordinated to coincide with the release of R1’s second quarter earnings report.
The report noted the “wealth” of personal and financial information held by RCM and other medical debt collection companies, including names, dates of birth, Social Security numbers, billing information and medical diagnostic data.