Eden Prairie-based Consulting Radiologists Ltd. Suffers Ransomware Attack

Eden Prairie-based Consulting Radiologists Ltd. (CRL), a prominent radiology practice employing approximately 75 radiologists and serving 100 healthcare facilities across Minnesota and its surrounding areas, recently fell victim to a ransomware attack. The cyber incident, which took place around February 11, 2024, initially disrupted the organization's telephone lines.

In response, CRL promptly intervened to halt the attack, thereby averting a full-scale data breach. The practice has since fortified its systems and is actively collaborating with healthcare providers to ensure continuity of services. Preliminary investigations suggest that no data or personal information was compromised during the incident.

This cyberattack notably impacted several Allina Health system facilities, which depend on CRL for radiological support. The disruption forced smaller facilities, lacking in-house radiology services, to redirect stroke and trauma patients to alternative locations for necessary imaging procedures.

Company Overview

Consulting Radiologists Ltd. stands as a key provider of radiology services to healthcare facilities throughout Minnesota and its neighboring regions. With a team of about 75 radiologists, the company plays a crucial role in supporting 100 healthcare facilities.

Vulnerabilities

The ransomware attack on CRL underscores the heightened vulnerability of healthcare entities to cyber threats. These organizations often operate with legacy systems and devices that may not be adequately secured or might be neglected, increasing their risk of cyberattacks. Furthermore, the healthcare sector is bound by strict data protection and privacy regulations, such as HIPAA in the U.S. and GDPR in the EU, demanding extensive security measures, incident response strategies, and continuous risk evaluation.

Impact

The cyberattack on CRL has significantly disrupted operations across hospitals, medical offices, and pharmacies nationwide. This disruption complicates the delivery of patient care, the processing of prescriptions, the submission of insurance claims, and the receipt of payments for critical services. The incident highlights the paramount importance of cybersecurity within the healthcare sector and the necessity for stringent access controls, vigilant monitoring, and comprehensive employee training to reduce the likelihood of successful cyberattacks.

Sources

• Eden Data: Healthcare Cybersecurity and Compliance Services. Available at https://www.edendata.com/
• The Impact of the Change Healthcare Cyberattack: What to Know. Available at https://www.healthcareitnews.com/news/impact-change-healthcare-cyberattack-what-know
• Facility diverts stroke and trauma patients amid cyberattack on large radiology practice. Available at https://www.healthcareitnews.com/news/facility-diverts-stroke-and-trauma-patients-amid-cyberattack-large-radiology-practice
• HHS Statement Regarding the Cyberattack on Change Healthcare. Available at https://www.hhs.gov/about/news/2023/02/15/hhs-statement-regarding-cyberattack-on-change-healthcare.html