HIPAA Journal

JUNE 6, 2023

The eagerly anticipated Verizon 2023 Data Breach Investigations Report ( DBIR ) has been published – An annual report that provides insights into the current threat landscape and data breach trends. of data breaches – a slight increase in ransomware incidents from last year and a slight decrease in ransomware-related data breaches.

Ransomware 85

Ransomware HIPAA 85

HIPAA Journal

FEBRUARY 8, 2024

A new report from Chainalysis has revealed victims of ransomware attacks paid hackers $1.1 billion in 2023 to obtain the keys to unlock their data and to prevent the release of information stolen in the attacks. The researchers believe this anomaly is linked to the Russia-Ukraine war.

Ransomware 83

Ransomware HIPAA Governance Hospitals 83

HIPAA Journal

APRIL 23, 2024

Notification letters have been sent to more than 34,500 individuals about ransomware attacks that occurred more than 9 months ago. Kisco Senior Living experienced its attack in June 2023, and Island Ambulatory Surgery Center suffered an attack in July.

Ransomware 97

Ransomware Fraud Licensing HIPAA 97

Compliancy Group

FEBRUARY 23, 2024

The HHS settlement, resulting from an investigation into a 2019 ransomware attack, requires the behavioral health provider to pay $40,000, implement a corrective action plan, and submit to three years of OCR monitoring. In October 2023, HHS settled its first ransomware investigation with a business associate for $100,000.

Ransomware 52

Ransomware HIPAA Compliance 52

Healthcare IT Today

MAY 16, 2024

While it’s amazing to consider two breaches and ransomware incidents the size of Change Healthcare and Ascension could happen so closely together, it’s very clear that healthcare is a target and we need to massively increase our investment in security to show we’ve learned from these experiences.

Ransomware 98

Ransomware US Department of Health and Human Services Hospitals Compliance 98

HIPAA Journal

MARCH 29, 2024

In February, Harvard Pilgrim Health Care revised the total number of individuals affected by an April 2023 ransomware attack, increasing the total by more than 81,000 to 2,632,275 individuals. The post Harvard Pilgrim Health Care Increases Ransomware Victim Count to 2.86 Million appeared first on HIPAA Journal.

Ransomware 64

Ransomware HIPAA Health Insurance 64

HIPAA Journal

MAY 1, 2023

The Health Sector Cybersecurity and Coordination Center (HC3) has issued a fresh ransomware warning to the healthcare and public health (HPH) sector following a spate of attacks on the HPH sector in April by the Clop and LockBit ransomware groups. LockBit ransomware was deployed in some of the attacks. 21.2.11, and 22.0.9

Ransomware 100

Ransomware Public Health HIPAA 100

Compliancy Group

JANUARY 2, 2024

2023 was a banner year for healthcare fines and breaches. The Department of Health and Human Services (HHS) Office for Civil Rights settled thirteen cases with healthcare organizations for potential HIPAA violations. Ransomware and hacking are still the primary cyber threats in healthcare. Fines ranged from $15,000 – $1.3

HIPAA 52

HIPAA Ransomware Compliance Hospitals 52

HIPAA Journal

MAY 25, 2023

CommonSpirit Health has provided an updated estimate on the cost of its October 2022 ransomware attack, which is expected to increase to $160 million. The ransomware attack was detected by CommonSpirit Health on October 2, 2022, forcing systems to be taken offline. billion, and $25.6 billion for the 9 months to March 31.

Ransomware 110

Ransomware HIPAA Hospitals 110

HIPAA Journal

FEBRUARY 8, 2024

In March 2023, CISA launched its Pre-Ransomware Notification Initiative which sees alerts issued if vulnerabilities are detected that are known to be actively exploited by ransomware groups to allow organizations to take action to prevent the vulnerabilities from being exploited.

Ransomware 74

Ransomware HIPAA 74

HIPAA Journal

MARCH 10, 2023

Codman Square Health Center in Boston, MA, has confirmed that it was the victim of a ransomware attack in November 2022 in which hackers gained access to the protected health information of 10,161 current and former patients. On February 2, 2023, a business associate was sent an email that included a list of patients’ dental appointments.

Ransomware 108

Ransomware HIPAA 108

HIPAA Journal

NOVEMBER 8, 2023

Mulkay Cardiology Consultants at Holy Name Medical Center has recently confirmed that it fell victim to a ransomware attack. The attack was detected on September 5, 2023, when files on its network were encrypted. According to the breach notice, Mulkay was able to rebuild its systems and recover the encrypted files from backups.

Ransomware 94

Ransomware Licensing Health Insurance HIPAA 94

HIPAA Journal

MARCH 29, 2024

It has been more than 5 weeks since Change Healthcare suffered a Blackcat ransomware attack. Department of State Offers $10 Million Reward for Information on ALPHV/Blackcat Ransomware Group The U.S. The AHA expressed concern about Fontes Rainer’s statement and is seeking clarification on which entities need to issue notifications.

Ransomware 95

Ransomware US Department of Health and Human Services HIPAA Hospitals 95

HIPAA Journal

NOVEMBER 13, 2023

A zero-day vulnerability in the SysAid IT service management solution is being exploited by the Lace Tempest (aka FIN11, DEV-0950, TA505) threat group to gain access to SysAid servers, steal data, and deploy Clop ransomware. The SysAid vulnerability was identified on November 2, 2023, after it had been exploited.

Ransomware 89

Ransomware HIPAA 89

HIPAA Journal

APRIL 8, 2024

The Medusa ransomware group has leaked data stolen from American Renal Associates. American Renal Associates American Renal Associates (ARA), one of the largest providers of dialysis services in the United States and a provider of care for patients suffering from end-stage renal disease has experienced a Medusa ransomware attack.

Ransomware 67

Ransomware Health Insurance Licensing HIPAA 67

HIT Consultant

MARCH 25, 2024

UnitedHealth Group’s technology unit, Change Healthcare, is currently facing an ongoing ransomware attack which has reverberated through healthcare systems and affected prescription deliveries. For example, throughout 2023 about one in three Americans were affected by health-related data breaches.

Ransomware 113

Ransomware US Department of Health and Human Services Regulatory Compliance Compliance 113

HIPAA Journal

JUNE 27, 2023

In March 2023, Atlantic General Hospital notified the Maine Attorney General that it had fallen victim to a ransomware attack in which the protected health information of 30,704 individuals was exposed; however, the ransomware attack was far more extensive than was previously thought and the total has been upwardly revised to 136,981 individuals.

Ransomware 91

Ransomware Hospitals Health Insurance HIPAA 91

HIPAA Journal

APRIL 20, 2023

Healthcare Data Breaches Reported in March 2023 In March, 63 breaches of 500 or more records were reported to OCR, which is a 46.51% increase from February, 6.92% more than the 12-month average, and 40% more breaches than in March 2022. Malicious actors continue to use ransomware in their attacks on healthcare organizations.

US Department of Health and Human Services 98

US Department of Health and Human Services Ransomware HIPAA Hospitals 98

HIPAA Journal

AUGUST 7, 2023

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a security alert about a new ransomware group – Rhysida – which is conducting high-impact attacks across multiple industry sectors. The Cobalt Strike attack framework is deployed on compromised systems and used to deliver the ransomware payload.

Ransomware 82

Ransomware Public Health HIPAA Governance 82

HIPAA Journal

JULY 20, 2023

In June, HIPAA-regulated entities reported 66 breaches, and while this was an improvement on the 73 breaches reported in June 2022, the month’s total is still well above the 12-month average of 58 data breaches a month. In H1 2023, 41,452,622 healthcare records were exposed or impermissibly disclosed.

HIPAA 91

HIPAA Ransomware Hospitals Compliance 91

HIPAA Journal

AUGUST 9, 2023

Ransomware gangs use a variety of methods for initial access to victims’ networks and while phishing is still one of the most common initial access vectors, researchers at the cybersecurity firm Akamai have identified a trend toward zero-day and day-one vulnerabilities for initial access.

Ransomware 77

Ransomware HIPAA 77

HIPAA Journal

JULY 14, 2023

There has been a sizeable fall in revenues from cryptocurrency-related crimes in the first half of 2023, with scammers seeing a 77% reduction in revenues from the same period in 2022, amassing a little over $1 billion in the first half of the year compared to $3.3 million in payments were made following ransomware attacks.

Ransomware 79

Ransomware Fraud HIPAA 79

HIPAA Journal

MAY 8, 2023

The cyberattack occurred on April 22, 2023, and the network was rapidly shut down to contain the attack. MMC planned to reopen on a limited basis on May 3, 2023, then restore full operations shortly thereafter; however, the recovery process took longer than planned.

Ransomware 131

Ransomware HIPAA 131

HIPAA Journal

AUGUST 25, 2023

million for the first 6 months of 2023 on $4.8 million difference has largely been attributed to the ransomware attack it detected on April 17, 2023., million difference has largely been attributed to the ransomware attack it detected on April 17, 2023., Point32Health has reported operating losses of $102.7

Ransomware 92

Ransomware HIPAA Medicare Medicare 92

HIPAA Journal

FEBRUARY 9, 2024

The Healthcare and Public Health (HPH) Sector has been warned about cyberattacks involving Akira ransomware , of which there have been at least 81 since the new ransomware variant was discovered in May 2023. Akira is a ransomware-as-a-service (RaaS) operation that is thought to have ties to the Conti ransomware group.

Ransomware 67

Ransomware Public Health HIPAA 67

HIPAA Journal

FEBRUARY 22, 2023

Largest Healthcare Data Breaches in January 2023 In January there were 13 data breaches involving 10,000 or more records, 8 of which involved hacked network servers and email accounts. Healthcare providers were the worst affected HIPAA-covered entity with 31 reported data breaches and 5 data breaches were reported by health plans.

HIPAA 106

HIPAA Ransomware Hospitals Compliance 106

HIPAA Journal

APRIL 26, 2023

Ransomware actors continue to target the U.S. These are some of the findings from the latest Global Threat Intelligence Report from Blackberry, which is based on threats detected by its Cylance Endpoint Security solution over 90 days from December 2022 to February 2023. per minute in the most recent reporting period.

Ransomware 102

Ransomware HIPAA Hospitals 102

HIPAA Journal

DECEMBER 30, 2022

A settlement has been proposed by Scripps Health to resolve a consolidated class action lawsuit – In Re: Scripps Health Data Incident Litigation – to resolve all claims related to its 2021 ransomware attack. The ransomware attack has proven to be incredibly costly for Scripps Health. The post Scripps Health Proposes $3.5M

Ransomware 103

Ransomware HIPAA Licensing Doctors 103

HIPAA Journal

SEPTEMBER 13, 2023

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a health and public health (HPH) sector alert about a new ransomware group called Akira, which has been in operation since March 2023. The post Akira Ransomware Group Targeting the Healthcare and Public Health Sector appeared first on HIPAA Journal.

Ransomware 80

Ransomware Public Health HIPAA 80

HIT Consultant

APRIL 29, 2024

In 2023, the healthcare industry faced its toughest year, with over 124 million health records breached in a total of 725 hacking incidents, according to The HIPAA Journal. Jim Broome, President and CTO, DirectDefense It’s not a matter of if but when an organization will face a security incident.

Ransomware 119

Ransomware HIPAA Compliance Hospitals 119

HIPAA Journal

MARCH 15, 2023

Cybersecurity and Infrastructure Agency (CISA) has launched a new pilot program in response to the increase in ransomware attacks on critical infrastructure entities. The program is focused on identifying vulnerabilities in Internet-facing systems that are known to have been exploited by ransomware gangs in previous attacks.

Ransomware 88

Ransomware Governance HIPAA Hospitals 88

HIPAA Journal

AUGUST 28, 2023

Ransomware groups have accelerated their attacks and are now spending less time inside victims’ networks before triggering file encryption, according to the 2023 Active Adversary Report from Sophos. The data for the report came from the first 6 months of 2023 and was gathered and analyzed by the Sophos X-Ops team.

Ransomware 84

Ransomware HIPAA 84

HIPAA Journal

AUGUST 8, 2023

The LockBit ransomware group has added Varian Medical Systems to its data leak site and has threatened to publish the data of cancer patients if the ransom is not paid. AAA said it was informed by PAB on May 11, 2023, that the data of some of its patients had potentially been compromised.

Ransomware 90

Ransomware Licensing HIPAA Health Insurance 90

HIPAA Journal

APRIL 21, 2023

Ransomware attacks increased by 91% in March 2023, according to a new analysis by NCC Group. The massive increase was due to the zero-day vulnerability (CVE-2023-0669) in Fortra’s GoAnywhere MFT file management solution, which was exploited by the Clop ransomware group in 130 attacks on companies over a 10-day period.

Ransomware 93

Ransomware HIPAA 93

HIPAA Journal

APRIL 5, 2023

Montgomery General Hospital in West Virginia has suffered a cyberattack that saw unauthorized individuals gain access to its IT systems on or around February 28, 2023, and deploy ransomware on or around March 1, 2023. The post Montgomery General Hospital Suffers Ransomware Attack and Data Leak appeared first on HIPAA Journal.

Ransomware 84

Ransomware Hospitals Electronic Medical Records HIPAA 84

HIPAA Journal

NOVEMBER 9, 2023

A new report from Sophos on healthcare cybersecurity trends indicates data encryption occurred in 75% of ransomware attacks on healthcare organizations. Many ransomware gangs use double-extortion tactics, where files are encrypted after data exfiltration and a ransom must be paid to decrypt files and prevent the release of the stolen data.

Ransomware 65

Ransomware HIPAA 65

HIPAA Journal

JUNE 13, 2023

million individuals in an April 2023 ransomware attack. According to Point32Health, hackers gained access to Harvard Pilgrim’s systems on March 28, 2023, and maintained access to those systems until April 17, 2023, when the intrusion was detected and blocked. million customers. Harvard Pilgrim Health Care, Inc.

Ransomware 94

Ransomware Fraud Health Insurance HIPAA 94