Security Briefing 🔴 Critical

Healthcare Under Attack: MedusaLocker Ransomware Hits 23 Hospitals

6 min read
CRITICAL URGENCY

Executive Summary

Ransomware gang targets 23 hospitals across Midwest with coordinated attack disrupting patient care. Critical vulnerability discovered in Epic EHR web portal affecting 250+ healthcare organizations. HIPAA enforcement action announced against healthcare provider for unpatched systems leading to breach.

⚡ Bottom line: Healthcare organizations must immediately verify VPN patch status and Epic MyChart security.

🏥
Critical

"MedusaLocker" Ransomware Campaign Hits Healthcare

Why It Matters

A coordinated MedusaLocker ransomware campaign has struck 23 hospitals across six Midwest states, encrypting electronic health records and medical imaging systems. Several hospitals have diverted ambulances and canceled surgeries. The attack exploited unpatched VPN appliances and spread via Active Directory.

Worst Case Scenario

Impact Description
Patient Safety Delayed treatments, medication errors, diverted ambulances
Data Breach PHI of millions of patients exposed
Financial $15M+ recovery costs per hospital
Regulatory HIPAA violations, HHS investigation
Patient lives at risk: When EHR systems go down, clinical staff lose access to medication lists, allergies, and treatment histories. Errors can be fatal.

How to Protect Yourself — Action Items

  • Verify all VPN appliances are patched (Fortinet, Pulse, Cisco)
  • Implement network segmentation for clinical systems
  • Enable offline backup copies of critical EHR data
  • Test business continuity procedures for downtime
  • Review ransomware incident response playbook
🔓
Critical CVE

CVE-2026-26789: Epic MyChart Authentication Bypass

Why It Matters

A critical authentication bypass in Epic MyChart patient portal allows attackers to access any patient's medical records using only their date of birth and a predictable identifier. Estimated 250+ healthcare organizations using vulnerable versions.

Worst Case Scenario

📋

Medical Record Access

Unauthorized access to patient medical histories.

🆔

Identity Theft

PHI theft for identity fraud and insurance scams.

💊

Data Modification

Modification of medication lists and allergies — potentially deadly.

📜

Compliance Impact

HIPAA breach notification requirements triggered.

How to Protect Yourself — Action Items

  • Apply Epic emergency patch (EpicCare Link 2026.1.3)
  • Enable multi-factor authentication for MyChart
  • Review MyChart access logs for suspicious patterns
  • Implement CAPTCHA for login attempts
  • Notify patients if unauthorized access detected
💉
Urgent

Medical Device Vulnerabilities: Infusion Pumps

Why It Matters

CISA and FDA issued joint advisory on vulnerabilities in Baxter and B. Braun infusion pumps allowing remote attackers to modify dosing parameters. Healthcare facilities must balance patching urgency with clinical workflow disruption.

How to Protect Yourself — Action Items

  • Inventory all connected infusion pumps
  • Segment medical device networks from IT networks
  • Apply vendor patches during maintenance windows
  • Implement wireless intrusion detection for clinical VLANs
  • Enable pump dose limit alerts as safety backstop
⚖️
Enforcement

HIPAA Enforcement: $4.8M Penalty for Unpatched Systems

Why It Matters

HHS OCR announced a $4.8M settlement with a regional health system after ransomware attack exploited systems unpatched for 18+ months. Enforcement action signals increased regulatory focus on patch management in healthcare.

How to Protect Yourself — Action Items

  • Document patch management procedures
  • Implement 30-day patching SLA for critical vulnerabilities
  • Conduct risk assessment for legacy systems
  • Maintain evidence of patching for compliance audits
  • Review cyber insurance coverage for regulatory fines
🎣
High

Healthcare Phishing: Credential Harvesting Surge

Why It Matters

Phishing campaigns targeting healthcare workers increased 180% in January, exploiting COVID-19 variant fears, benefits enrollment, and fake IT support requests. Compromised credentials often lead to EHR access and data theft.

How to Protect Yourself — Action Items

  • Deploy phishing-resistant MFA (FIDO2/WebAuthn)
  • Conduct healthcare-specific phishing simulations
  • Implement email filtering with healthcare IOCs
  • Enable suspicious login alerts for EHR access
  • Train staff on current healthcare phishing lures

Run a KENSAI scan now to see if your healthcare systems are affected

🗡️ Scan Your Systems →

Your Action Checklist for This Week

Critical — Do Today
  • Verify VPN appliance patch status (Fortinet, Pulse, Cisco)
  • Apply Epic MyChart security patch
  • Assess ransomware attack readiness
  • Inventory and segment medical devices
High — Do This Week
  • Review HIPAA Security Rule compliance
  • Document patch management procedures
  • Conduct risk assessment for legacy systems
  • Test EHR backup and recovery procedures
Medium — Ongoing
  • Implement phishing-resistant MFA
  • Review business associate agreements
  • Update incident response plan for PHI breaches

🛡️ Is your website secure?

Discover vulnerabilities before attackers do.

Scan your website for free →