Kansas Heart Hospital in northeast Wichita is one of more than 200 victims in a ransomware attack and extortion case, the Justice Department said Wednesday.
Two men from Iran were indicted by a federal grand jury in Newark, N.J., alleging that they created malware — known as SamSam Ransomware — that encrypted data on victims’ computers and then extorted payment from victims through bitcoin to unlock the encrypted data. The Justice Department alleges the scheme also caused victims more than $30 million in losses.
“The allegations in the indictment unsealed today -- the first of its kind -- outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail,” Assistant Attorney General Brian Benczkowski said in a Justice Department news release.
The men accused in the six-count indictment are Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27. Both acted from inside Iran, the Justice Department alleges.
The Justice Department said Kansas Heart, 3601 N. Webb, was one of six health care-related entities that were affected. The others were Hollywood Presbyterian Medical Center in Los Angeles; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, N.C.; MedStar Health, headquartered in Columbia, Md.; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha; and Allscripts Healthcare Solutions Inc., headquartered in Chicago.
Kansas Heart officials couldn’t immediately be reached for comment Wednesday.
Also affected by the ransomware and extortion were the city governments of Atlanta and Newark, the Port of San Diego and the Colorado Department of Transportation.
“The defendants in this case developed and deployed the SamSam Ransomware in order to hold public and private entities hostage and then extort money from them . . . cravenly taking advantage of the fact that these victims depend on their computer networks to serve the public, the sick, and the injured without interruption,” Craig Carpenito, U.S. Attorney for the District of New Jersey, said in the release.
The indictment alleges Savandi and Mansouri have received more than $6 million in ransom payments.
They developed the first version of the SamSam Ransomware in 2015, the indictment alleges, and created refined versions in 2017. The indictment alleges they would scan for computer network vulnerabilities and use other techniques to target potential victims. They would hack the victims’ systems and launch the attacks before or after regular business hours, the indictment alleges, making it more difficult for victims to mitigate them.
The Justice Department said there were between four and five reports of the SamSam Ransomware attack in Kansas, but only identified Kansas Heart as a victim.
