2023, HIPAA, Licensing and Ransomware - Health Care Compliance Brief

Patient Data Stolen from Livanova in October 2023 Ransomware Attack

HIPAA Journal

APRIL 30, 2024

The medical device manufacturer Livanova, the Massachusetts community behavioral health center Aspire Health Alliance, and Santa Rosa Behavioral Healthcare Hospital in California have experienced ransomware attacks that exposed patient data. The LockBit ransomware group claimed responsibility for the attack.

Ransomware

Ransomware Licensing Health Insurance HIPAA

Ransomware Attack on Texas Ophthalmology Practice Exposes Data of 80,000 Patients

HIPAA Journal

MAY 23, 2024

A Texas ophthalmology practice has experienced a ransomware attack that resulted in the encryption of files on its computer systems. The substitute breach notice does not state when the unauthorized access was detected, only that it occurred on or around October 17, 2023.

Ransomware

Ransomware Licensing HIPAA

November 8, 2023, Healthcare Data Breach Round-Up

HIPAA Journal

NOVEMBER 8, 2023

Mulkay Cardiology Consultants at Holy Name Medical Center has recently confirmed that it fell victim to a ransomware attack. The attack was detected on September 5, 2023, when files on its network were encrypted. According to the breach notice, Mulkay was able to rebuild its systems and recover the encrypted files from backups.

Ransomware

Ransomware Licensing Health Insurance HIPAA

Kisco Senior Living & Island Ambulatory Surgery Center Disclose Summer 2023 Cyberattacks

HIPAA Journal

APRIL 23, 2024

Notification letters have been sent to more than 34,500 individuals about ransomware attacks that occurred more than 9 months ago. Kisco Senior Living experienced its attack in June 2023, and Island Ambulatory Surgery Center suffered an attack in July. Notification letters were mailed to the affected individuals on April 5, 2024.

Ransomware

Ransomware Fraud Licensing HIPAA

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates

HIPAA Journal

APRIL 8, 2024

The Medusa ransomware group has leaked data stolen from American Renal Associates. American Renal Associates American Renal Associates (ARA), one of the largest providers of dialysis services in the United States and a provider of care for patients suffering from end-stage renal disease has experienced a Medusa ransomware attack.

Ransomware

Ransomware Health Insurance Licensing HIPAA

Scripps Health Proposes $3.5M Settlement to Resolve Class Action Ransomware Lawsuit

HIPAA Journal

DECEMBER 30, 2022

A settlement has been proposed by Scripps Health to resolve a consolidated class action lawsuit – In Re: Scripps Health Data Incident Litigation – to resolve all claims related to its 2021 ransomware attack. The ransomware attack has proven to be incredibly costly for Scripps Health. The post Scripps Health Proposes $3.5M

Ransomware

Ransomware HIPAA Licensing Doctors

LockBit Ransomware Group Threatens to Publish Stolen Cancer Patient Data

HIPAA Journal

AUGUST 8, 2023

The LockBit ransomware group has added Varian Medical Systems to its data leak site and has threatened to publish the data of cancer patients if the ransom is not paid. AAA said it was informed by PAB on May 11, 2023, that the data of some of its patients had potentially been compromised.

Ransomware

Ransomware Licensing HIPAA Health Insurance

Maternal & Family Health Services Sued Over Ransomware Attack and Data Breach

HIPAA Journal

MARCH 10, 2023

In January 2023, MFHS, one of the largest healthcare providers in the state, notified approximately 461,000 current and former patients about a security breach. According to the notifications, unauthorized individuals gained access to its network and used ransomware to encrypt files.

Ransomware

Ransomware HIPAA Licensing Health Insurance

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

HIPAA Journal

SEPTEMBER 12, 2023

Seymour, IN-based Schneck Medical Center has settled a lawsuit with the Indiana attorney general, Todd Rokita, over a 2021 ransomware attack and data breach that affected 89,707 Indiana residents. The post Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG appeared first on HIPAA Journal.

HIPAA

HIPAA Ransomware Health Insurance Fraud

Naked Patient Photos Published After Ransomware Attack on Plastic Surgery Clinic

HIPAA Journal

JULY 17, 2023

The notification was received on May 9, 2023, and a third-party incident response firm was engaged to investigate and determine the validity of the threat actor’s claims. The post Naked Patient Photos Published After Ransomware Attack on Plastic Surgery Clinic appeared first on HIPAA Journal.

Ransomware

Ransomware HIPAA Licensing Health Insurance

Ottumwa Fire Department Fires Employees for Misconduct and HIPAA Violations

HIPAA Journal

AUGUST 10, 2023

The Ottumwa Fire Department in Iowa has recently fired employees for alleged violations of the HIPAA Rules and other misconduct. Affected individuals were notified on August 4, 2023. For the research study, the data was published on the tool on February 25, 2018, and for the quality improvement project, on January 14, 2023.

HIPAA

HIPAA Ransomware Licensing Health Insurance

Ransomware Gangs Claim Three Healthcare Victims

HIPAA Journal

MAY 26, 2023

That appears to be the case with two recent cyberattacks, neither of which mention ransomware or confirm that data theft occurred. AENT said it was able to determine that “an unauthorized actor may have had access to certain systems that stored personal and protected health information,” between March 23, 2023, and April 4, 2023.

Ransomware

Ransomware Health Insurance HIPAA Licensing

Forefront Dermatology Proposes $3.75 Million Settlement to Resolve Ransomware Lawsuit

HIPAA Journal

NOVEMBER 21, 2022

The Wisconsin-based dermatology practice, Forefront Dermatology, has agreed to settle a class action lawsuit filed on behalf of patients whose protected health information (PHI) was compromised in a ransomware attack in late May 2021. The final approval hearing has been scheduled for March 1, 2023.

Ransomware

Ransomware Fraud HIPAA Licensing

Cyberattacks Reported by Bienville Orthopaedic Specialists and Just Kids Dental

HIPAA Journal

SEPTEMBER 8, 2023

A security breach was detected on March 5, 2023, and systems were immediately taken offline to prevent further unauthorized access. A forensic investigation was initiated to determine the nature and scope of the attack, which confirmed there had been unauthorized access to its systems between February 3, 2023, and March 5, 2023.

Licensing

Licensing Ransomware Health Insurance HIPAA

BianLian Threat Group Claims Responsibility for Cyberattack on Tennessee Eye Clinic Network

HIPAA Journal

APRIL 25, 2024

OPMT said, “Even though it is not specifically required by HIPAA, we will offer identity theft protection services to all affected individuals; we feel that this is an important precaution to protect our patients.” On October 26, 2023, Advarra discovered suspicious activity in an employee’s user account.

Licensing

Licensing HIPAA Ransomware

Azura Vascular Care Reports Data Breach Affecting 348,000 Patients

HIPAA Journal

FEBRUARY 8, 2024

The incident was detected on November 9, 2023. Cybersecurity experts were engaged to assist with the investigation, which confirmed that unauthorized individuals accessed certain systems on or before September 27, 2023, and encrypted certain files. It is not clear from the notification letters when the intrusion occurred.

Ransomware

Ransomware Electronic Medical Records Licensing Health Insurance

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

HIPAA Journal

MARCH 29, 2023

Atlantic General Hospital – Ransomware Attack Atlantic General Hospital (AGH) in Berlin, MD, has recently reported a ransomware attack to the Maine Attorney General that has affected up to 30,704 individuals. The attack was detected on January 29, 2023, when files were discovered to have been encrypted.

Hospitals

Hospitals Ransomware Licensing Health Insurance

Kannact & Vincera Institute Fall Victim to Cyberattacks

HIPAA Journal

JUNE 22, 2023

an Albany, OR-based home care service, says it detected unauthorized access to its computer network on March 13, 2023. Individuals whose Social Security and driver’s license numbers were impacted have been offered complimentary credit monitoring and identity theft protection services. Kannact Inc.,

Ransomware

Ransomware Licensing HIPAA

Electromed Proposes $825,000 Class Action Data Breach Settlement

HIPAA Journal

FEBRUARY 15, 2023

The medical device manufacturer Electromed has proposed a $850,000 settlement to resolve claims related to a June 2021 ransomware attack and data breach involving the protected health information of 47,200 individuals. The deadline for objection to and exclusion from the settlement is March 2, 2023. A lawsuit – Lutz, et al.

Ransomware

Ransomware Fraud Licensing Health Insurance

24,400 Rite Aid Customers Had Personal Informatiion Compromised in May Cyberattack

HIPAA Journal

JULY 25, 2023

The vulnerability was identified on May 31, 2023, with the forensic investigation confirming data theft occurred on May 26, 2023. Wake Family Eye Care Suffers Ransomware Attack Wake Family Eye Care in Cary, NC, recently fell victim to a ransomware attack. Financial information was not compromised.

Ransomware

Ransomware Licensing HIPAA Health Insurance

Up to 170,450 Patients Affected by Cyberattack on the Chattanooga Heart Institute

HIPAA Journal

AUGUST 2, 2023

The Chattanooga Heart Institute (CHI) in Tennessee has recently announced that it identified a cyberattack on its network on April 17, 2023. A third-party data review company was provided with the files on December 22, 2022, and provided the results of the analysis to SHS on May 16, 2023.

Licensing

Licensing Electronic Medical Records Ransomware Health Insurance

San Juan Regional Medical Center Settles Data Breach Lawsuit

HIPAA Journal

DECEMBER 2, 2022

San Juan Regional Medical Center stated at the time that this was a malware, rather than a ransomware attack. While legal action was not taken over a HIPAA violation, the lawsuit alleged the lack of appropriate safeguards constituted a HIPAA violation. All claims must be submitted by February 8, 2023.

Licensing

Licensing HIPAA Ransomware Health Insurance

Multiple Data Breaches Reported by Iowa Medicaid and South Jersey Behavioral Health Resources

HIPAA Journal

JUNE 8, 2023

An unauthorized third party gained access to MCNA Dental’s systems on February 26, 2023, the breach was detected on March 6, 2023, and the unauthorized access was blocked the following day. A few days later, on April 5, 2023, SJBHR was the victim of a ransomware attack that resulted in files being encrypted on certain computer systems.

Medicaid

Medicaid Medicaid Ransomware Health Insurance

98,000 UT Southwestern Medical Center Patients Affected by MOVEit Cyberattack

HIPAA Journal

JULY 27, 2023

UT Southwestern Medical Center (UTSW) has recently confirmed that the protected health information of 98,437 patients was stolen in a cyberattack on May 28, 2023. UTSW was notified about the attack by Progress Software on May 30, 2023, and the exploited vulnerability was immediately patched.

Ransomware

Ransomware Licensing Health Insurance HIPAA

Patient Data Likely Lost Due to Cyberattack on Mercy Medical Center – Clinton

HIPAA Journal

JUNE 8, 2023

The security breach was detected on April 4, 2023, and the forensic investigation confirmed its network had been accessed by an unauthorized third party between March 7, 2023, and April 4, 2023. According to the May 22, 2023, breach notice, the incidents occurred in 2021.

Ransomware

Ransomware HIPAA Licensing Health Insurance

ILS Data Breach Affects Almost 21K Iowan Medicaid Recipients

HIPAA Journal

APRIL 14, 2023

While ILS discovered the breach in July 2022, it took until February 14, 2023, for Telligen to be notified about the breach. Telligen notified the Iowa DHSS three days later on February 17, 2023. Notifications were mailed to affected individuals on April 10, 2023. Ransomware was not used in the attack, but files were stolen.

Medicaid

Medicaid Medicaid Ransomware HIPAA

19,000 Amazon PillPack Customer Accounts Compromised

HIPAA Journal

MAY 24, 2023

Unauthorized customer account activity was detected by PillPack on April 3, 2023, and the investigation revealed customer accounts had been accessed by an unauthorized third party between April 2 and April 6, 2023. Up-to-date contact information then needed to be obtained, and notification letters started to be sent on April 19, 2023.

HIPAA

HIPAA Ransomware Licensing Governance

Peachtree Orthopedics Suffers Data Theft and Extortion Incident

HIPAA Journal

JUNE 8, 2023

Peachtree Orthopedics in Atlanta, GA, has announced that it was the victim of a cyberattack on April 20, 2023. Mission Community Hospital Investigating Cyberattack Mission Community Hospital in California is investigating a cyberattack that occurred on April 29, 2023. It is unclear if the two incidents are linked.

Ransomware

Ransomware Hospitals Medical Billing HIPAA

Up to 11 Million Health Records Compromised in Cyberattack on Government Contractor

HIPAA Journal

JULY 31, 2023

a government services contracting company, has announced in a Securities and Exchange Commission (SEC) filing that hackers exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer solution in May 2023 and accessed the protected health information (PHI) of between 8 and 11 million individuals. Reston, VA-based Maximus Inc.,

Governance

Governance Medicare Medicare Ransomware

5 Healthcare Providers Suffer PHI Breaches

HIPAA Journal

MAY 18, 2023

Suspicious network activity was detected on March 9, 2023, and immediate action was taken to secure the network. The business associate detected a security breach on March 6, 2023, and the investigation confirmed its systems were accessed on March 4, 2023.

Ransomware

Ransomware HIPAA Licensing Medicare

Artificial Intelligence, Extinction-Level Threat or Solution?

AIHC

MARCH 12, 2024

Please read other AI articles published by the American Institute of Healthcare Compliance regarding how AI can advance quality of care, how AI is regulated, use of AI and HIPAA privacy/security, to name a few topics. A Government-Commissioned Report Released February 2024 The U.S. This PPT addresses: What is artificial intelligence?

Ransomware

Ransomware Governance Compliance HIPAA

HC3 Issues HPH Sector Alert Following Suspected Clop Cyberattacks

HIPAA Journal

FEBRUARY 23, 2023

In Early February, a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file transfer software (CVE-2023-0669) was exploited in attacks on more than 130 organizations, including several in the healthcare industry such as Community Health Systems (CHS) in Tennessee. That attack affected up to 1 million patients.

Ransomware

Ransomware Licensing Public Health HIPAA

Artificial Intelligence, Extinction-Level Threat or Solution?

AIHC

MARCH 12, 2024

Please read other AI articles published by the American Institute of Healthcare Compliance regarding how AI can advance quality of care, how AI is regulated, use of AI and HIPAA privacy/security, to name a few topics. A Government-Commissioned Report Released February 2024 The U.S. This PPT addresses: What is artificial intelligence?

Ransomware

Ransomware Governance Compliance HIPAA

California and North Dakota Hospitals Report Cyberattacks

HIPAA Journal

MARCH 28, 2024

Suspicious activity was detected within its network on April 13, 2023, and after securing its systems, a forensic investigation was launched to determine the nature and scope of the unauthorized activity. In November 2023, the vendor was unable to access the patient management tool and worked with its subcontractor to address the problem.

Hospitals

Hospitals Ransomware HIPAA Licensing

Norton Healthcare Facing Class Action Lawsuit Over BlackCat Cyberattack

HIPAA Journal

JULY 27, 2023

Norton Healthcare, a Kentucky-based operator of more than 140 clinics and hospitals in Kentucky and Southern Indiana, is facing a class action lawsuit over a May 2023 cyberattack and data breach. On July 21, 2023, a class action lawsuit was filed in U.S.

Ransomware

Ransomware Fraud Licensing Health Insurance

277,000 Santa Clara Family Health Plan Members Affected by GoAnywhere Hack

HIPAA Journal

APRIL 25, 2023

Santa Clara Family Health Plan Confirmed as Victim of Clop GoAnywhere Hack Santa Clara Family Health Plan has confirmed the 276,993-record data breach reported to the HHS’ Office for Civil Rights on March 30, 2023, was due to the hacking of Fortra’s GoAnywhere MFT solution by the Clop ransomware group.

Health Insurance

Health Insurance Public Health Ransomware Fraud

Protected Health Information Exposed in 5 Recent Hacking Incidents

HIPAA Journal

MARCH 16, 2023

Florida Medical Clinic Florida Medical Clinic has recently announced that it was the victim of a ransomware attack. The attack was detected on January 9, 2023, and prompt action was taken to contain the attack, which limited data exposure, although files were encrypted.

Electronic Medical Records

Electronic Medical Records Health Insurance Ransomware HIPAA

Health IT Trends that Deserve More Attention

Healthcare IT Today

FEBRUARY 23, 2024

Mateusz Krempa, COO at Piwik Pro Broader reflection and discussion on HIPAA-compliant technologies would help the industry see beyond popular solutions and identify tools that balance successful data processing with regulatory requirements. The following is what they had to share with us. advertising platforms).

Compliance

Compliance HIPAA Nurses Hospitals

Ransomware Attacks Announced by Maternal & Family Health Services and Retreat Behavioral Health

HIPAA Journal

JANUARY 9, 2023

Maternal & Family Health Services in Eastern Pennsylvania has recently notified certain patients about an April 4, 2022, ransomware attack in which sensitive patient data was exposed. Notifications were sent to affected individuals on January 3, 2023. Retreat Behavioral Health Ransomware Attack Affects Up to 23,620 Patients.

Ransomware

Ransomware HIPAA Licensing Health Insurance

Regal Medical Group Ransomware Attack & Southeast Colorado Hospital District Email Breach

HIPAA Journal

FEBRUARY 7, 2023

Regal Medical Group, a San Bernardino, CA-based affiliate of the Heritage Provider Network, recently announced that it was attacked with ransomware. The forensic investigation confirmed that the attackers gained access to the servers on or around December 1 and exfiltrated files before the ransomware was deployed.

Ransomware

Ransomware Hospitals Licensing HIPAA

Healthcare Data Potentially Compromised in 5 Hacking Incidents

HIPAA Journal

MAY 2, 2023

NYSARC Columbia County Chapter Notifies Individuals About July 2022 Ransomware Attack NYSARC Columbia County Chapter (COARC) has started notifying certain individuals that some of their protected health information has potentially been obtained by unauthorized individuals in a July 2022 ransomware attack.

Ransomware

Ransomware Licensing Health Insurance HIPAA

Four Healthcare Compliance Issues to Watch (March 2023)

Compliancy Group

MARCH 17, 2023

Public Health Emergency will end on May 11, 2023. HHS (the Department of Health and Human Services) waived penalties against providers using technologies for telehealth services that didn’t meet the standards of the HIPAA Privacy Rule and the HIPAA Security Rule during the public health emergency. Learn More! ×

Compliance

Compliance HIPAA Public Health Ransomware

Morris Hospital & Healthcare Centers Notifies Almost 249,000 Patients About April Cyberattack

HIPAA Journal

AUGUST 22, 2023

Morris Hospital & Healthcare Centers in Illinois has started notifying 248,943 individuals about a cyberattack that was detected on April 4, 2023. That information included diagnoses, phone numbers, Social Security numbers, insurance information, driver’s license numbers, and scans.

Hospitals

Hospitals Ransomware HIPAA Licensing

Cyberattacks Reported by Precision Imaging Centers, Marshall & Melhorn, and Atrium Health Wake Forest Baptist

HIPAA Journal

JULY 3, 2023

The compromised information varied from patient to patient and may have included first and last names, addresses, dates of birth, Social Security numbers, driver’s license numbers, government-issued identification numbers, health insurance information, medical conditions/diagnoses, and other health or medical information.

Health Insurance

Health Insurance Licensing Ransomware HIPAA

Patient Data Stolen from Livanova in October 2023 Ransomware Attack

Ransomware Attack on Texas Ophthalmology Practice Exposes Data of 80,000 Patients

Trending Sources

November 8, 2023, Healthcare Data Breach Round-Up

Kisco Senior Living & Island Ambulatory Surgery Center Disclose Summer 2023 Cyberattacks

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates

Scripps Health Proposes $3.5M Settlement to Resolve Class Action Ransomware Lawsuit

LockBit Ransomware Group Threatens to Publish Stolen Cancer Patient Data

Maternal & Family Health Services Sued Over Ransomware Attack and Data Breach

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

Naked Patient Photos Published After Ransomware Attack on Plastic Surgery Clinic

Ottumwa Fire Department Fires Employees for Misconduct and HIPAA Violations

Ransomware Gangs Claim Three Healthcare Victims

Forefront Dermatology Proposes $3.75 Million Settlement to Resolve Ransomware Lawsuit

Cyberattacks Reported by Bienville Orthopaedic Specialists and Just Kids Dental

BianLian Threat Group Claims Responsibility for Cyberattack on Tennessee Eye Clinic Network

Azura Vascular Care Reports Data Breach Affecting 348,000 Patients

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

Kannact & Vincera Institute Fall Victim to Cyberattacks

Electromed Proposes $825,000 Class Action Data Breach Settlement

24,400 Rite Aid Customers Had Personal Informatiion Compromised in May Cyberattack

Up to 170,450 Patients Affected by Cyberattack on the Chattanooga Heart Institute

San Juan Regional Medical Center Settles Data Breach Lawsuit

Multiple Data Breaches Reported by Iowa Medicaid and South Jersey Behavioral Health Resources

98,000 UT Southwestern Medical Center Patients Affected by MOVEit Cyberattack

Patient Data Likely Lost Due to Cyberattack on Mercy Medical Center – Clinton

ILS Data Breach Affects Almost 21K Iowan Medicaid Recipients

19,000 Amazon PillPack Customer Accounts Compromised

Peachtree Orthopedics Suffers Data Theft and Extortion Incident

Up to 11 Million Health Records Compromised in Cyberattack on Government Contractor

5 Healthcare Providers Suffer PHI Breaches

Artificial Intelligence, Extinction-Level Threat or Solution?

HC3 Issues HPH Sector Alert Following Suspected Clop Cyberattacks

Artificial Intelligence, Extinction-Level Threat or Solution?

California and North Dakota Hospitals Report Cyberattacks

Norton Healthcare Facing Class Action Lawsuit Over BlackCat Cyberattack

277,000 Santa Clara Family Health Plan Members Affected by GoAnywhere Hack

Protected Health Information Exposed in 5 Recent Hacking Incidents

Health IT Trends that Deserve More Attention

Ransomware Attacks Announced by Maternal & Family Health Services and Retreat Behavioral Health

Regal Medical Group Ransomware Attack & Southeast Colorado Hospital District Email Breach

Healthcare Data Potentially Compromised in 5 Hacking Incidents

Four Healthcare Compliance Issues to Watch (March 2023)

Morris Hospital & Healthcare Centers Notifies Almost 249,000 Patients About April Cyberattack

Cyberattacks Reported by Precision Imaging Centers, Marshall & Melhorn, and Atrium Health Wake Forest Baptist

Stay Connected