Senior Care Providers Scramble After $14M Ransomware Attack Hits Tech Firm VCPI

A Milwaukee-based technology company fell victim to a Russian ransomware attack, resulting in the data of most of its acute care and senior housing and care clients becoming inaccessible unless the provider pays a ransom.

Virtual Care Provider Inc. (VCPI) provides cloud services, data storage and management, security services and internet access for over 110 health care providers in 45 states, totaling nearly 80,000 computers and servers.

The attack, which began on Nov. 17, encrypted all client data VCPI handles. The group behind the attack is demanding a ransom of $14 million in bitcoin, in exchange for a digital key to unlock the data. The attack was first reported by cybersecurity expert and journalist Brian Krebs and also covered by the Milwaukee Journal-Sentinel.


In addition to the client data, the ransomware attack affected VCPI’s payroll system. The longer the ransomware attack lasts, patients’ health will be at risk and some providers may have to shut down, VCPI CEO Karen Christianson told Krebs.

“We’ve got some facilities where the nurses can’t get the drugs updated and the order put in so the drugs can arrive on time,” she told Krebs. “In another case, we have this one small assisted living place that is just a single unit that connects to billing. And if they don’t get their billing into Medicaid by December 5, they close their doors. Seniors that don’t have family to go to are then done. We have a lot of [clients] right now who are like, ‘Just give me my data,’ but we can’t.”

As of press time, VCPI had not returned a request for comment from Senior Housing News.*


At least one senior care facility, Lutheran Home and Harwood Place in Wauwatosa, Wisconsin, was affected by the attack. But the impact was minimal, Lutheran Home President and CEO Scott McFadden told SHN. Lutheran Home has used VCPI’s services since 2010, and put redundancies in place at VCPI’s request allowing the facility access to all of its vital data including billing, business software, access to payroll and even point-of-sale dining data.

The ransomware attack was limited to Lutheran Home’s email servers and Microsoft Office suite of software, McFadden said.

Ransomware attacks are becoming more frequent in health care.

Five health care networks fell victim to a ransomware attack in June; one of the affected networks, NEO Urology in Boardman, Ohio, paid the attackers a $75,000 ransom. The city of Baltimore’s health department was among the agencies affected by a ransomware attack in May. An attack on the servers of Wyoming-based Campbell adversely impacted 1,500 computers and disrupted services across the system, which includes a long-term care facility.

Senior living providers have been slow to adapt to technology, whether for better data security or for wellness-focused operations. For Lutheran Home, the investment in a two-line IT infrastructure was minimal and paid dividends with this attack, McFadden told SHN.

“We weren’t affected as much as we could have been thanks to a combination of good advice, forethought and good luck. It was a good test and we passed in part because of VCPI,” he said.

*EDITOR’S NOTE: A prior version of this article stated that Lois Christianson is the CEO of VCPI, which is incorrect. It has been updated to reflect Karen Christianson as the CEO of VCPI. After this story was posted, Christianson contacted Senior Housing News. She disputes certain details in the reporting from Krebs on Security and the Milwaukee Journal-Sentinel and said she intends to clarify VCPI’s position after the forensic investigation is completed.

Companies featured in this article: