IL, KY, and TN Healthcare Orgs Recovering from Recent Cyberattacks
Morris Hospital & Healthcare Centers Investigating Royal Ransomware Attack
Morris Hospital & Healthcare Centers in Illinois has launched an investigation into a cyberattack that the Royal ransomware group has claimed responsibility for. Third-party forensics experts have been engaged to investigate the breach and determine the extent to which patient information was involved. While the investigation is still in the early stages, Morris Hospital & Healthcare Centers has confirmed that its electronic medical record system was unaffected; however, patient data was stored in the network that was compromised in the attack.
Morris Hospital & Healthcare Centers said it had implemented multiple security measures prior to the attack and that these were instrumental in limiting the severity of the incident. Further information will be released as the investigation progresses, and notification letters will be issued if it is determined that patient data has been compromised. On May 22, 2023, the Royal ransomware group added Morris Hospital & Healthcare Centers to its data leak site along with a sample of files allegedly stolen in the attack.
Norton Healthcare Recovering from Cyberattack
Norton Healthcare, a Kentucky-based operator of more than 140 clinics and hospitals in the Louisville area of Kentucky and Southern Indiana, has confirmed that it suffered a cybersecurity incident on May 9, 2023. Norton confirmed that its network is operational and that systems were proactively taken offline as a precaution and confirmed that at no point did the attackers have control of its network.
With IT systems offline, the staff switched to manual processes for recording patient information but said all of its facilities remained open and were able to continue to provide care to patients, although there have been delays to some services due to IT systems being offline, including medical imaging, lab test results, and prescription refills, and that there was a backlog of messages from its online patient portal which are taking time to work through and has caused delays to responses.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The threat actor behind the attack issued threats and demands via fax. Norton did not state whether ransomware was used in the attack. Notifications will be issued to patients when the investigation has been completed. It appears that protected health information has been compromised, although the scale of the attack has yet to be confirmed. The breach has been reported to the HHS’ Office for Civil Rights as affecting 501 individuals – a placeholder that is often used until the number of individuals affected has been confirmed.
Update on the Norton Healthcare Data Breach: On December 8, 2023, Norton Healthcare started sending notification letters to 2.5 million individuals.
Tennessee Orthopaedic Clinics Confirms March 2023 Cyberattack
Tennessee Orthopaedic Clinics is investigating a security breach that has caused disruption to some of its IT systems. The third-party forensic investigation determined that an unauthorized individual gained access to some of its IT systems between March 20, 2023, and March 24, 2023, and may have accessed or acquired files that contained patient information.
By May 2, 2023, it had been confirmed that patient data had been compromised, including names, contact information, dates of birth, diagnosis and treatment information, provider names, dates of service, cost of services, prescription information, and/or health insurance information.
The incident was reported to the HHS’ Office for Civil Rights as affecting 500 individuals to meet the breach reporting requirements of the HIPAA Breach Notification Rule, and was later confirmed to have affected 46,679 individuals. Tennessee Orthopaedic Clinics said additional safeguards and technical security measures have been implemented to prevent similar security breaches in the future.
Paramount Health Care Affected by NationBenefits Data Breach
The Maumee, OH-based insurance company, Paramount Health Care, has confirmed that it was affected by the recently reported 3 million-record cyberattack that affected the healthcare management solution provider, NationBenefits, on or around January 30, 2023. Paramount said hackers accessed and removed a database that contained patient information that included names, addresses, phone numbers, health insurance information, and Social Security numbers.
The cyberattack was conducted by the Clop threat group and exploited a zero-day vulnerability in Fortra’s GoAnywhere MFT file transfer solution. Notification letters are being sent to patients by NationBenefits. It is currently unclear how many Paramount members have been affected by the incident.
