Pennsylvania health system hit by NetWalker ransomware

NetWalker ransomware operators have added Crozer-Keystone Health System to their list of victims who have not paid their ransom demands.

In a post on the threat actors’ website today, they note that they  will start dumping data in six days if the Pennsylvania-based health system does not meet their demands. Their public threat does not indicate how much ransom they have demanded.

As proof of claims, the threat actors posted a few screencaps. Several related to finances, one was fairly unreadable, and one was a directory of folders. None of the screencaps were of any medical records of patients.

Screen capture of directory of files
A screen capture of folders on a server.

In response to an inquiry from, the health system sent the following statement:

After quickly identifying a recent malware attack, the Crozer-Keystone information technology team took immediate action and began remediating impacted systems. Having isolated the intrusion, we took necessary systems offline to prevent further risk. We completed this work in collaboration with cybersecurity professionals across our healthcare system and are currently conducting a full investigation of the issue.

They did not answer questions this site had posed to them about whether any patient care was impacted by the attack, whether they had usable backups they could restore from, and how much ransom the attackers had demanded. They also declined to answer any follow-up questions.

About the author: Dissent

Comments are closed.