{
	"id": "abc689e8-d12d-4919-a542-cd9cc27e4dac",
	"created_at": "2026-04-06T00:07:35.507151Z",
	"updated_at": "2026-04-10T03:21:53.932394Z",
	"deleted_at": null,
	"sha1_hash": "87d344052798d6f78e90dc77809acb87603488be",
	"title": "Philadelphia-area health system says it ‘isolated’ a malware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35334,
	"plain_text": "Philadelphia-area health system says it ‘isolated’ a malware attack\r\nBy Sean Lyngaas\r\nPublished: 2020-06-19 · Archived: 2026-04-05 14:15:54 UTC\r\nA “malware attack” has hit computer systems at Crozer-Keystone Health System, a large health care provider in\r\nthe Philadelphia suburbs, a spokesman for the organization said Friday.\r\n“After quickly identifying a recent malware attack, the Crozer-Keystone information technology team took\r\nimmediate action and began remediating impacted systems,” Crozer-Keystone’s Rich Leonowitz said in an\r\nemailed statement.\r\nCrozer-Keystone owns four hospitals and four outpatient centers in Delaware County, Pennsylvania, according to\r\nits website. It was not immediately clear how, if at all, the cybersecurity incident impacted those facilities.\r\nLeonowitz declined to answer questions on the matter.\r\n“Having isolated the intrusion, we took necessary systems offline to prevent further risk,” Leonowitz’s statement\r\ncontinued. “We completed this work in collaboration with cybersecurity professionals across our health care\r\nsystem and are currently conducting a full investigation of the issue.”\r\nA set of hackers behind the NetWalker ransomware claimed responsibility for the attack. On their victim-shaming\r\nwebsite, the hackers shared screenshots that they claimed were encrypted files belonging to Crozer-Keystone. A\r\ncountdown clock on the site threatens to publicly dump the data in six days unless the hackers are paid a ransom.\r\nThe dual threat of extorting organizations and dumping data is an increasingly common tactic from ransomware\r\nperpetrators.\r\nA sector under stress\r\nIt’s just the latest cybersecurity incident to hit the health care sector during the novel coronavirus pandemic. The\r\nIT systems at the Czech Republic’s second biggest hospital suffered a cyberattack in March. There have also been\r\nransomware attacks on pharmaceutical and biotech firms helping respond to the coronavirus.\r\n“With ransomware becoming a public health threat to health care systems overburdened during COVID-19, it\r\nshould be treated as such,” said Beau Woods, a cyber safety innovation fellow at the Atlantic Council.\r\nThe hackers behind NetWalker are relatively new to the ransomware scene, but “have been very innovative during\r\ntheir short operational period,” said Allan Liska, a threat intelligence analyst at security company Recorded\r\nFuture.\r\n“Some of the NetWalker groups have been particularly aggressive in targeting health care providers and they\r\nappear to be successful at extracting ransom from these targets as very few have made it to their extortion site,”\r\nLiska added.\r\nhttps://www.cyberscoop.com/crozer-keystone-cyber-attack-netwalker-ransomware/\r\nPage 1 of 2\n\nIn March, a NetWalker ransomware attack temporarily disabled the website of a public health agency in Illinois\r\nthat was updating residents on the spread of coronavirus.\r\nSource: https://www.cyberscoop.com/crozer-keystone-cyber-attack-netwalker-ransomware/\r\nhttps://www.cyberscoop.com/crozer-keystone-cyber-attack-netwalker-ransomware/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.cyberscoop.com/crozer-keystone-cyber-attack-netwalker-ransomware/"
	],
	"report_names": [
		"crozer-keystone-cyber-attack-netwalker-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434055,
	"ts_updated_at": 1775791313,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/87d344052798d6f78e90dc77809acb87603488be.pdf",
		"text": "https://archive.orkl.eu/87d344052798d6f78e90dc77809acb87603488be.txt",
		"img": "https://archive.orkl.eu/87d344052798d6f78e90dc77809acb87603488be.jpg"
	}
}