Compliancy Group

FEBRUARY 23, 2024

The HHS settlement, resulting from an investigation into a 2019 ransomware attack, requires the behavioral health provider to pay $40,000, implement a corrective action plan, and submit to three years of OCR monitoring. In October 2023, HHS settled its first ransomware investigation with a business associate for $100,000.

Ransomware 52

Ransomware HIPAA Compliance 52

Compliancy Group

APRIL 4, 2023

One such case is the Community Health Systems (CHS) C10P Ransomware attack, which affected millions of patients and resulted in a multistate HIPAA settlement. ​​No No one is protected from HIPAA violation double jeopardy. What is Ransomware? Become HIPAA Compliant × Get HIPAA Compliant! Find Out More!

Ransomware 52

Ransomware HIPAA Compliance 52

HIPAA Journal

MARCH 29, 2024

It has been more than 5 weeks since Change Healthcare suffered a Blackcat ransomware attack. Department of State Offers $10 Million Reward for Information on ALPHV/Blackcat Ransomware Group The U.S. The AHA expressed concern about Fontes Rainer’s statement and is seeking clarification on which entities need to issue notifications.

Ransomware 97

Ransomware US Department of Health and Human Services HIPAA Hospitals 97

HIPAA Journal

JANUARY 11, 2023

Healthcare ransomware attacks have at least doubled in the past 5 years, data recovery from backups has decreased, and it is now common for data to be stolen and publicly released following a successful attack, according to a new analysis recently published in the JAMA Health Forum. Out of the 374 confirmed ransomware attacks, only 20.6%

Ransomware 116

Ransomware HIPAA Hospitals 116

Healthcare IT Today

DECEMBER 22, 2023

Department of Health and Human Services (HHS) said it will update the HIPAA Security Rule in 2024 and will ask Congress for new laws and resources to increase civil money penalties for HIPAA violations, increase HIPAA enforcement, and conduct proactive audits.

HIPAA 115

HIPAA Ransomware Compliance Hospitals 115

HIPAA Journal

MARCH 24, 2023

Ransomware activity increased in February according to the latest GRIT Ransomware Report from GuidePoint Security. ransomware group was particularly active in February, posting more than twice the number of victims (129) on its leak site as January (50), accounting for virtually all of the monthly increase in attacks.

Ransomware 124

Ransomware Public Health HIPAA 124

HIPAA Journal

NOVEMBER 23, 2022

The healthcare and public health sector (HPH) has been warned about the threat of ransomware attacks by the Lorenz threat group, which has conducted several attacks in the United States over the past two years, with no sign that attacks are slowing. In contrast to most other ransomware gangs, relatively little is known about this group.

Ransomware 130

Ransomware Public Health HIPAA 130

HIT Consultant

APRIL 29, 2024

In 2023, the healthcare industry faced its toughest year, with over 124 million health records breached in a total of 725 hacking incidents, according to The HIPAA Journal. Jim Broome, President and CTO, DirectDefense It’s not a matter of if but when an organization will face a security incident.

Ransomware 119

Ransomware HIPAA Compliance Hospitals 119

HIPAA Journal

JUNE 29, 2022

On June 25, 2022, a spokesperson for a threat group called DAIXIN Team contacted HIPAA Journal to share information about a ransomware attack and data theft incident at Fitzgibbon Hospital in Marshall, Missouri. DAIXIN Team was previously not known to HIPAA Journal and appears to be a new ransomware group.

Ransomware 117

Ransomware Hospitals HIPAA Health Insurance 117

HIPAA Journal

DECEMBER 5, 2022

The Cuba ransomware group has increased attacks in the United States, with attacks doubling since December 2021, and ransom payments are also on the rise. According to CISA and the FBI, there are similarities between the infrastructure used by the Cuba ransomware operation and the RomCom RAT and Industrial Spy ransomware actors.

Ransomware 116

Ransomware Public Health HIPAA Governance 116

Healthcare IT Today

APRIL 4, 2024

That’s why we were particularly interested in this session at HIMSS 2024 that looked at how to create a HIPAA-Compliant BYOD program which balanced the security needs of a healthcare organization while still meeting the workflow needs of their users. Million in HIPAA fines. Plus, healthcare has up to $1.5

HIPAA 113

HIPAA Ransomware Hospitals 113

HIPAA Journal

MAY 25, 2023

CommonSpirit Health has provided an updated estimate on the cost of its October 2022 ransomware attack, which is expected to increase to $160 million. The ransomware attack was detected by CommonSpirit Health on October 2, 2022, forcing systems to be taken offline. The lawsuit was filed in December 2022 in the U.S.

Ransomware 113

Ransomware HIPAA Hospitals 113

HIPAA Journal

DECEMBER 9, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health (HPH) sector about Royal ransomware attacks. Royal ransomware is a new ransomware threat that was first observed being used in attacks in September 2022. Both will prevent files from being opened.

Ransomware 111

Ransomware Public Health HIPAA 111

HIPAA Journal

JANUARY 3, 2023

Ransomware attacks continue to be conducted on healthcare organizations in high numbers but determining the extent to which healthcare organizations are being targeted by ransomware gangs is a challenge. The decision whether or not to encrypt appears to be taken on an attack-by-attack basis.

Ransomware 109

Ransomware Hospitals HIPAA Governance 109

HIPAA Journal

DECEMBER 13, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has released analyses of two ransomware variants that are being used in attacks on the healthcare sector: LockBit 3.0 LockBit ransomware was first detected in September 2019 when it was known as ABCD ransomware. and has code similar to DarkSide and BlackMatter ransomware.

Ransomware 126

Ransomware HIPAA 126

HIPAA Journal

FEBRUARY 9, 2024

The Healthcare and Public Health (HPH) Sector has been warned about cyberattacks involving Akira ransomware , of which there have been at least 81 since the new ransomware variant was discovered in May 2023. Akira is a ransomware-as-a-service (RaaS) operation that is thought to have ties to the Conti ransomware group.

Ransomware 70

Ransomware Public Health HIPAA 70

HIPAA Journal

FEBRUARY 6, 2023

The French Computer Emergency Response Team (CERT-FR) has warned about an ongoing ransomware campaign targeting VMware ESXi hypervisors that have not been patched against the critical heap-overflow vulnerability tracked as CVE-2021-21974. After applying the mitigations, system scans should be performed to detect signs of compromise.

Ransomware 125

Ransomware HIPAA 125

HIT Consultant

MARCH 25, 2024

UnitedHealth Group’s technology unit, Change Healthcare, is currently facing an ongoing ransomware attack which has reverberated through healthcare systems and affected prescription deliveries. Phishing attacks, a common vector for ransomware infections, often exploit human vulnerabilities through deceptive emails and other communications.

Ransomware 113

Ransomware US Department of Health and Human Services Regulatory Compliance Compliance 113

HIPAA Journal

AUGUST 7, 2023

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a security alert about a new ransomware group – Rhysida – which is conducting high-impact attacks across multiple industry sectors. The Cobalt Strike attack framework is deployed on compromised systems and used to deliver the ransomware payload.

Ransomware 82

Ransomware Public Health HIPAA Governance 82

HIPAA Journal

JUNE 6, 2022

Ransomware attacks on healthcare organizations increased by 94% year over year, according to the 2022 State of Ransomware Report from cybersecurity firm Sophos. This year’s report focused on the rapidly evolving relationship between ransomware and cyber insurance in healthcare.

Ransomware 127

Ransomware HIPAA 127

HIPAA Journal

NOVEMBER 23, 2022

Databreaches.net investigated and identified an entry on the data leak site of a relatively unknown ransomware group called Project Relic, which has claimed responsibility for the attack. According to Blackpoint, the ransomware is written in Go due to its portability, speed, and the minimal chance of it being detected by static analysis.

Ransomware 128

Ransomware Hospitals Doctors HIPAA 128

The HIPAA Blog

FEBRUARY 26, 2024

LaFourche Medical Group pays $480,000 to settle ransomware attack affecting 35.000 patients: An emergency and occupational medicine practice in Louisiana was a ransomware victim in 2021, the result of a successful email phishing attack.

Ransomware 45

Ransomware HIPAA 45

HIPAA Journal

MARCH 10, 2023

Codman Square Health Center in Boston, MA, has confirmed that it was the victim of a ransomware attack in November 2022 in which hackers gained access to the protected health information of 10,161 current and former patients. The post Ransomware Attack Announced by Codman Square Health Center appeared first on HIPAA Journal.

Ransomware 110

Ransomware HIPAA 110

HIPAA Journal

APRIL 8, 2024

The Medusa ransomware group has leaked data stolen from American Renal Associates. American Renal Associates American Renal Associates (ARA), one of the largest providers of dialysis services in the United States and a provider of care for patients suffering from end-stage renal disease has experienced a Medusa ransomware attack.

Ransomware 68

Ransomware Health Insurance Licensing HIPAA 68

HIPAA Journal

APRIL 26, 2023

Ransomware actors continue to target the U.S. The most commonly detected malware were droppers, downloaders, remote access tools (RATs), and ransomware. Emotet is capable of self-propagation and lateral movement and is used to deliver malware and ransomware payloads.

Ransomware 104

Ransomware HIPAA Hospitals 104

HIPAA Journal

MARCH 29, 2024

In February, Harvard Pilgrim Health Care revised the total number of individuals affected by an April 2023 ransomware attack, increasing the total by more than 81,000 to 2,632,275 individuals. The post Harvard Pilgrim Health Care Increases Ransomware Victim Count to 2.86 Million appeared first on HIPAA Journal.

Ransomware 66

Ransomware HIPAA Health Insurance 66

HIPAA Journal

FEBRUARY 27, 2023

The healthcare and public health (HPH) sector has been warned about cyberattacks involving MedusaLocker ransomware – one of the lesser-known ransomware variants used in cyberattacks on the sector. The ransomware variant was first detected in September 2019 and the group is thought to primarily target the HPH sector.

Ransomware 101

Ransomware Public Health HIPAA 101

HIPAA Journal

FEBRUARY 8, 2024

In March 2023, CISA launched its Pre-Ransomware Notification Initiative which sees alerts issued if vulnerabilities are detected that are known to be actively exploited by ransomware groups to allow organizations to take action to prevent the vulnerabilities from being exploited.

Ransomware 76

Ransomware HIPAA 76

HIPAA Journal

MAY 1, 2023

The Health Sector Cybersecurity and Coordination Center (HC3) has issued a fresh ransomware warning to the healthcare and public health (HPH) sector following a spate of attacks on the HPH sector in April by the Clop and LockBit ransomware groups. LockBit ransomware was deployed in some of the attacks.

Ransomware 103

Ransomware Public Health HIPAA 103

HIPAA Journal

NOVEMBER 10, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has recently shared details of the tactics, techniques, and procedures associated with Venus ransomware attacks, and has made several recommendations on mitigations that healthcare organizations can implement to improve their defenses against attacks.

Ransomware 107

Ransomware HIPAA 107

HIPAA Journal

MARCH 23, 2023

Ransomware gangs are increasingly skipping file encryption and are concentrating on data theft and extortion, according to a recent report from Palo Alto Networks’ Unit 42 team. In the second half of 2021 and throughout 2022, around 1 in 10 attacks by ransomware gangs did not involve file encryption, only data theft and extortion.

Ransomware 90

Ransomware HIPAA Hospitals 90

HIPAA Journal

MARCH 15, 2023

Cybersecurity and Infrastructure Agency (CISA) has launched a new pilot program in response to the increase in ransomware attacks on critical infrastructure entities. The program is focused on identifying vulnerabilities in Internet-facing systems that are known to have been exploited by ransomware gangs in previous attacks.

Ransomware 90

Ransomware Governance HIPAA Hospitals 90

HIPAA Journal

SEPTEMBER 13, 2023

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a health and public health (HPH) sector alert about a new ransomware group called Akira, which has been in operation since March 2023. The post Akira Ransomware Group Targeting the Healthcare and Public Health Sector appeared first on HIPAA Journal.

Ransomware 81

Ransomware Public Health HIPAA 81

HIPAA Journal

APRIL 21, 2022

The Federal Bureau of Investigation (FBI) has issued a TLP: WHITE flash alert about the BlackCat ransomware-a-s-a-service (RaaS) operation. Unusually for ransomware, it is written in RUST, which is considered to be a more secure programming language that ensures better performance and concurrent processing.

Ransomware 127

Ransomware HIPAA 127

HIPAA Journal

JULY 6, 2022

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) have issued a joint cybersecurity advisory about MedusaLocker ransomware.

Ransomware 117

Ransomware HIPAA 117

HIPAA Journal

NOVEMBER 13, 2023

A zero-day vulnerability in the SysAid IT service management solution is being exploited by the Lace Tempest (aka FIN11, DEV-0950, TA505) threat group to gain access to SysAid servers, steal data, and deploy Clop ransomware. After exfiltrating sensitive data, Clop ransomware was deployed and executed.

Ransomware 90

Ransomware HIPAA 90

HIT Consultant

DECEMBER 20, 2023

Cam Roberson, VP at Beachhead Solutions Healthcare delivery organizations and those working with them that are still in business are either well aware of their duties under HIPAA, work with managed service providers that understand the law well, or…are lucky to have made it this far. The recent bill H.R.7898

HIPAA 105

HIPAA Ransomware Governance 105