Cyber Incident Victim: Dickinson County Healthcare System
Date:
Oct 2020
Location:
United States of America
Summary
A healthcare system was among multiple U.S. hospitals targeted in a coordinated ransomware campaign linked to Russian cybercriminals, part of a broader wave impacting up to 20 medical facilities. The attackers deployed Ryuk ransomware via the Trickbot botnet, causing IT disruptions that forced affected organizations to revert to paper records for certain services. Federal agencies issued warnings about the imminent threat to healthcare providers, noting the attacks' potential to severely disrupt operations. While specific impacts on individual facilities varied, the incident highlighted systemic vulnerabilities within the healthcare sector, with the full scope of compromised entities remaining unclear due to delayed reporting and ongoing investigations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late October 2020, Dickinson County Healthcare System experienced a ransomware attack as part of a coordinated wave targeting U.S. healthcare providers. The incident occurred around October 29-30, coinciding with federal warnings about an imminent cybercrime threat from a criminal group deploying Ryuk ransomware. This gang infected at least 20 medical facilities nationwide, including Dickinson County Healthcare System, Sky Lakes Medical Center in Oregon, and St. Lawrence Health System. The attackers used the Ryuk ransomware variant, which was distributed through the Trickbot botnet infrastructure. Federal agencies confirmed the ransomware's association with Russian cybercriminals in their October 28 advisory, noting the attacks specifically threatened healthcare providers during the COVID-19 pandemic. Dickinson County Healthcare System joined multiple institutions reporting IT system disruptions that forced operational changes, though specific intrusion vectors for their network weren't detailed publicly. The University of Vermont Health Network, attacked by the same group, was simultaneously analyzing its breach when Dickinson's incident emerged.
The ransomware attack caused significant service disruptions at Dickinson County Healthcare System, requiring staff to implement paper record-keeping for certain clinical operations. Spokespersons confirmed the IT outages but didn't specify whether patient data was exfiltrated or which hospital departments were most affected. Federal investigators linked the incidents to a single threat actor group exploiting vulnerable healthcare networks, though Dickinson's specific detection timeline and containment measures weren't disclosed. Like other victims, the healthcare system faced recovery challenges common to Ryuk attacks, including encrypted files and disabled critical systems. The U.S. government's October 28 joint advisory by CISA, FBI, and HHS highlighted the attackers' tactics but didn't reference Dickinson County specifically. No ransom demands or payment details were reported publicly regarding this institution. The incident formed part of a broader healthcare targeting campaign whose full impact remained unclear due to delayed reporting from affected organizations.