Philadelphia-area health system says it ‘isolated’ a malware attack

Attackers behind the NetWalker ransomware claimed responsibility.
(Getty Images).

A “malware attack” has hit computer systems at Crozer-Keystone Health System, a large health care provider in the Philadelphia suburbs, a spokesman for the organization said Friday.

“After quickly identifying a recent malware attack, the Crozer-Keystone information technology team took immediate action and began remediating impacted systems,” Crozer-Keystone’s Rich Leonowitz said in an emailed statement.

Crozer-Keystone owns four hospitals and four outpatient centers in Delaware County, Pennsylvania, according to its website. It was not immediately clear how, if at all, the cybersecurity incident impacted those facilities. Leonowitz declined to answer questions on the matter.

“Having isolated the intrusion, we took necessary systems offline to prevent further risk,” Leonowitz’s statement continued. “We completed this work in collaboration with cybersecurity professionals across our health care system and are currently conducting a full investigation of the issue.”


A set of hackers behind the NetWalker ransomware claimed responsibility for the attack. On their victim-shaming website, the hackers shared screenshots that they claimed were encrypted files belonging to Crozer-Keystone. A countdown clock on the site threatens to publicly dump the data in six days unless the hackers are paid a ransom. The dual threat of extorting organizations and dumping data is an increasingly common tactic from ransomware perpetrators.

A sector under stress

It’s just the latest cybersecurity incident to hit the health care sector during the novel coronavirus pandemic. The IT systems at the Czech Republic’s second biggest hospital suffered a cyberattack in March. There have also been ransomware attacks on pharmaceutical and biotech firms helping respond to the coronavirus.

“With ransomware becoming a public health threat to health care systems overburdened during COVID-19, it should be treated as such,” said Beau Woods, a cyber safety innovation fellow at the Atlantic Council.

The hackers behind NetWalker are relatively new to the ransomware scene, but “have been very innovative during their short operational period,” said Allan Liska, a threat intelligence analyst at security company Recorded Future.


“Some of the NetWalker groups have been particularly aggressive in targeting health care providers and they appear to be successful at extracting ransom from these targets as very few have made it to their extortion site,” Liska added.

In March, a NetWalker ransomware attack temporarily disabled the website of a public health agency in Illinois that was updating residents on the spread of coronavirus.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts