HIPAA Journal

MARCH 10, 2023

In January 2023, MFHS, one of the largest healthcare providers in the state, notified approximately 461,000 current and former patients about a security breach. According to the notifications, unauthorized individuals gained access to its network and used ransomware to encrypt files.

Ransomware 82

Ransomware HIPAA Licensing Health Insurance 82

HIPAA Journal

MAY 26, 2023

That appears to be the case with two recent cyberattacks, neither of which mention ransomware or confirm that data theft occurred. AENT said it was able to determine that “an unauthorized actor may have had access to certain systems that stored personal and protected health information,” between March 23, 2023, and April 4, 2023.

Ransomware 59

Ransomware Health Insurance HIPAA Licensing 59

HIPAA Journal

NOVEMBER 21, 2022

The Wisconsin-based dermatology practice, Forefront Dermatology, has agreed to settle a class action lawsuit filed on behalf of patients whose protected health information (PHI) was compromised in a ransomware attack in late May 2021. The final approval hearing has been scheduled for March 1, 2023.

Ransomware 62

Ransomware Fraud HIPAA Licensing 62

HIPAA Journal

SEPTEMBER 8, 2023

A security breach was detected on March 5, 2023, and systems were immediately taken offline to prevent further unauthorized access. A forensic investigation was initiated to determine the nature and scope of the attack, which confirmed there had been unauthorized access to its systems between February 3, 2023, and March 5, 2023.

Licensing 96

Licensing Ransomware Health Insurance HIPAA 96

HIPAA Journal

FEBRUARY 8, 2024

The incident was detected on November 9, 2023. Cybersecurity experts were engaged to assist with the investigation, which confirmed that unauthorized individuals accessed certain systems on or before September 27, 2023, and encrypted certain files. It is not clear from the notification letters when the intrusion occurred.

Ransomware 79

Ransomware Electronic Medical Records Licensing Health Insurance 79

HIPAA Journal

MARCH 29, 2023

Atlantic General Hospital – Ransomware Attack Atlantic General Hospital (AGH) in Berlin, MD, has recently reported a ransomware attack to the Maine Attorney General that has affected up to 30,704 individuals. The attack was detected on January 29, 2023, when files were discovered to have been encrypted.

Hospitals 96

Hospitals Ransomware Licensing Health Insurance 96

HIPAA Journal

JUNE 22, 2023

an Albany, OR-based home care service, says it detected unauthorized access to its computer network on March 13, 2023. Individuals whose Social Security and driver’s license numbers were impacted have been offered complimentary credit monitoring and identity theft protection services. Kannact Inc.,

Ransomware 74

Ransomware Licensing HIPAA 74

HIPAA Journal

AUGUST 2, 2023

The Chattanooga Heart Institute (CHI) in Tennessee has recently announced that it identified a cyberattack on its network on April 17, 2023. A third-party data review company was provided with the files on December 22, 2022, and provided the results of the analysis to SHS on May 16, 2023.

Licensing 71

Licensing Electronic Medical Records Ransomware Health Insurance 71

HIPAA Journal

JULY 25, 2023

The vulnerability was identified on May 31, 2023, with the forensic investigation confirming data theft occurred on May 26, 2023. Wake Family Eye Care Suffers Ransomware Attack Wake Family Eye Care in Cary, NC, recently fell victim to a ransomware attack. Financial information was not compromised.

Ransomware 79

Ransomware Licensing HIPAA Health Insurance 79

HIPAA Journal

APRIL 25, 2024

Like several other cybercriminal groups, BianLian tends not to use ransomware anymore and just steals data and demands payment to prevent the exposure or sale of the data. On October 26, 2023, Advarra discovered suspicious activity in an employee’s user account. The BianLian group has claimed responsibility for the attack.

Licensing 83

Licensing HIPAA Ransomware 83

HIPAA Journal

FEBRUARY 15, 2023

The medical device manufacturer Electromed has proposed a $850,000 settlement to resolve claims related to a June 2021 ransomware attack and data breach involving the protected health information of 47,200 individuals. The deadline for objection to and exclusion from the settlement is March 2, 2023. A lawsuit – Lutz, et al.

Ransomware 81

Ransomware Fraud Licensing Health Insurance 81

HIPAA Journal

JULY 27, 2023

UT Southwestern Medical Center (UTSW) has recently confirmed that the protected health information of 98,437 patients was stolen in a cyberattack on May 28, 2023. UTSW was notified about the attack by Progress Software on May 30, 2023, and the exploited vulnerability was immediately patched.

Ransomware 86

Ransomware Licensing Health Insurance HIPAA 86

HIPAA Journal

JUNE 8, 2023

An unauthorized third party gained access to MCNA Dental’s systems on February 26, 2023, the breach was detected on March 6, 2023, and the unauthorized access was blocked the following day. A few days later, on April 5, 2023, SJBHR was the victim of a ransomware attack that resulted in files being encrypted on certain computer systems.

Medicaid 80

Medicaid Medicaid Ransomware Health Insurance 80

HIPAA Journal

JUNE 8, 2023

The security breach was detected on April 4, 2023, and the forensic investigation confirmed its network had been accessed by an unauthorized third party between March 7, 2023, and April 4, 2023. According to the May 22, 2023, breach notice, the incidents occurred in 2021.

Ransomware 93

Ransomware HIPAA Licensing Health Insurance 93

HIPAA Journal

JUNE 8, 2023

Peachtree Orthopedics in Atlanta, GA, has announced that it was the victim of a cyberattack on April 20, 2023. Mission Community Hospital Investigating Cyberattack Mission Community Hospital in California is investigating a cyberattack that occurred on April 29, 2023. It is unclear if the two incidents are linked.

Ransomware 78

Ransomware Hospitals Medical Billing HIPAA 78

HIPAA Journal

APRIL 14, 2023

While ILS discovered the breach in July 2022, it took until February 14, 2023, for Telligen to be notified about the breach. Telligen notified the Iowa DHSS three days later on February 17, 2023. Notifications were mailed to affected individuals on April 10, 2023. Ransomware was not used in the attack, but files were stolen.

Medicaid 91

Medicaid Medicaid Ransomware HIPAA 91

HIPAA Journal

DECEMBER 2, 2022

San Juan Regional Medical Center stated at the time that this was a malware, rather than a ransomware attack. The final data for objection to or exclusion from the settlement is January 9, 2023. All claims must be submitted by February 8, 2023. A fairness hearing for the settlement has been scheduled for February 22, 2023.

Licensing 85

Licensing HIPAA Ransomware Health Insurance 85

HIPAA Journal

AUGUST 10, 2023

Affected individuals were notified on August 4, 2023. For the research study, the data was published on the tool on February 25, 2018, and for the quality improvement project, on January 14, 2023. The publicly accessible link was discovered on June 8, 2023, and was removed on June 13.

HIPAA 70

HIPAA Ransomware Licensing Health Insurance 70

HIPAA Journal

FEBRUARY 23, 2023

In Early February, a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file transfer software (CVE-2023-0669) was exploited in attacks on more than 130 organizations, including several in the healthcare industry such as Community Health Systems (CHS) in Tennessee. That attack affected up to 1 million patients.

Ransomware 59

Ransomware Licensing Public Health HIPAA 59

AIHC

MARCH 12, 2024

As technology advances, so do cyber criminals When it comes to cyberattacks and cyber extortion (ransomware attacks), health care organization continue to suffer as prime targets and continue to struggle to recover after an attack. America’s cyber defense agency CISA (Cybersecurity & Infrastructure Security Agency). How does it work?

Ransomware 59

Ransomware Governance Compliance HIPAA 59

HIPAA Journal

MAY 24, 2023

Unauthorized customer account activity was detected by PillPack on April 3, 2023, and the investigation revealed customer accounts had been accessed by an unauthorized third party between April 2 and April 6, 2023. Up-to-date contact information then needed to be obtained, and notification letters started to be sent on April 19, 2023.

HIPAA 109

HIPAA Ransomware Licensing Governance 109

HIPAA Journal

SEPTEMBER 12, 2023

Seymour, IN-based Schneck Medical Center has settled a lawsuit with the Indiana attorney general, Todd Rokita, over a 2021 ransomware attack and data breach that affected 89,707 Indiana residents. Schneck Medical Center Compensates Patients for Losses Schneck Medical Center has also recently settled a consolidated class action lawsuit for $1.3

HIPAA 85

HIPAA Ransomware Health Insurance Fraud 85

HIPAA Journal

JULY 31, 2023

a government services contracting company, has announced in a Securities and Exchange Commission (SEC) filing that hackers exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer solution in May 2023 and accessed the protected health information (PHI) of between 8 and 11 million individuals. Reston, VA-based Maximus Inc.,

Governance 71

Governance Medicare Medicare Ransomware 71

AIHC

MARCH 12, 2024

As technology advances, so do cyber criminals When it comes to cyberattacks and cyber extortion (ransomware attacks), health care organization continue to suffer as prime targets and continue to struggle to recover after an attack. America’s cyber defense agency CISA (Cybersecurity & Infrastructure Security Agency). How does it work?

Ransomware 52

Ransomware Governance Compliance HIPAA 52

HIPAA Journal

MAY 18, 2023

Suspicious network activity was detected on March 9, 2023, and immediate action was taken to secure the network. The business associate detected a security breach on March 6, 2023, and the investigation confirmed its systems were accessed on March 4, 2023.

Ransomware 90

Ransomware HIPAA Licensing Medicare 90

HIPAA Journal

MARCH 28, 2024

Suspicious activity was detected within its network on April 13, 2023, and after securing its systems, a forensic investigation was launched to determine the nature and scope of the unauthorized activity. In November 2023, the vendor was unable to access the patient management tool and worked with its subcontractor to address the problem.

Hospitals 72

Hospitals Ransomware HIPAA Licensing 72

HIPAA Journal

JULY 27, 2023

Norton Healthcare, a Kentucky-based operator of more than 140 clinics and hospitals in Kentucky and Southern Indiana, is facing a class action lawsuit over a May 2023 cyberattack and data breach. On July 21, 2023, a class action lawsuit was filed in U.S.

Ransomware 52

Ransomware Fraud Licensing Health Insurance 52

HIPAA Journal

APRIL 25, 2023

Santa Clara Family Health Plan Confirmed as Victim of Clop GoAnywhere Hack Santa Clara Family Health Plan has confirmed the 276,993-record data breach reported to the HHS’ Office for Civil Rights on March 30, 2023, was due to the hacking of Fortra’s GoAnywhere MFT solution by the Clop ransomware group.

Health Insurance 81

Health Insurance Public Health Ransomware Fraud 81

HIPAA Journal

MARCH 16, 2023

Florida Medical Clinic Florida Medical Clinic has recently announced that it was the victim of a ransomware attack. The attack was detected on January 9, 2023, and prompt action was taken to contain the attack, which limited data exposure, although files were encrypted.

Electronic Medical Records 62

Electronic Medical Records Health Insurance Ransomware HIPAA 62

Healthcare IT Today

FEBRUARY 23, 2024

If a ransomware attack happens, an organization can respond much faster in the cloud than with on-premises infrastructure and will have a better chance of accessing protected backups. Leaders must focus on eliminating manual repetitive work to let employees work at the top of their license and spend more time with patients.

Compliance 104

Compliance HIPAA Nurses Hospitals 104

Hall Render

APRIL 19, 2024

to Study Treatments for Vascular Abnormalities Federal Appeals Court Hears Arguments on Nation’s First Ban on Gender-affirming Care for Minors Jason Demke Hired as COO at Mercy Hospital Fort Smit Pulaski Tech Awarded $5.7M

Nursing Homes 40

Nursing Homes Nurses Hospitals Doctors 40

HIPAA Journal

JANUARY 9, 2023

Maternal & Family Health Services in Eastern Pennsylvania has recently notified certain patients about an April 4, 2022, ransomware attack in which sensitive patient data was exposed. Notifications were sent to affected individuals on January 3, 2023. Retreat Behavioral Health Ransomware Attack Affects Up to 23,620 Patients.

Ransomware 84

Ransomware HIPAA Licensing Health Insurance 84

HIPAA Journal

FEBRUARY 7, 2023

Regal Medical Group, a San Bernardino, CA-based affiliate of the Heritage Provider Network, recently announced that it was attacked with ransomware. The forensic investigation confirmed that the attackers gained access to the servers on or around December 1 and exfiltrated files before the ransomware was deployed.

Ransomware 68

Ransomware Hospitals Licensing HIPAA 68

HIPAA Journal

MAY 2, 2023

NYSARC Columbia County Chapter Notifies Individuals About July 2022 Ransomware Attack NYSARC Columbia County Chapter (COARC) has started notifying certain individuals that some of their protected health information has potentially been obtained by unauthorized individuals in a July 2022 ransomware attack.

Ransomware 91

Ransomware Licensing Health Insurance HIPAA 91

Compliancy Group

MARCH 17, 2023

Public Health Emergency will end on May 11, 2023. Beginning May 12, 2023, telehealth services by providers must use “HIPAA-compliant” technologies and communication products. The FBI reported at least 210 healthcare-related ransomware complaints in 2022.

Compliance 52

Compliance HIPAA Public Health Ransomware 52

Hall Render

SEPTEMBER 1, 2023

Here’s why Ransomware gang reportedly selling Prospect Medical patient data Ransomware attack not the only headache for Prospect Medical Ridgecrest Regional Hospital receives $5.5 Newsom announces distressed hospital loan program Kaiser Permanente frontline workers strike could begin Oct. Warner, Kaine announce nearly $1.4M

COVID-19 40

COVID-19 Nurses Nursing Homes Hospitals 40

Hall Render

SEPTEMBER 16, 2022

Health care industry in Nebraska ‘thankful’ after licensing backlog averted. Aaron Weismann on ransomware attacks. Top 25 hospitals for orthopedics in 2023: Report. Anesthesiologist’s license suspended; Incidents at surgery center under review. Ransomware gang threatens 1m-plus medical record leak. NEW JERSEY.

US Department of Health and Human Services 40

US Department of Health and Human Services COVID-19 Nurses Nursing Homes 40