HIPAA Journal

DECEMBER 8, 2022

The New York ambulance service, Empress EMS, is facing multiple class action lawsuits over a ransomware attack that was detected on July 14, 2022. The Hive ransomware group was behind the attack, and as per the group’s modus operandi , after gaining access to the network, sensitive files were stolen, then files were encrypted.

Ransomware 117

Ransomware HIPAA Fraud 117

HIPAA Journal

NOVEMBER 23, 2022

The Rochester Hills, MI-based prosthetics, orthotics, and accessibility solution provider, Wright & Filippis, has recently announced that it was the victim of a ransomware attack on its network. The post 877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider appeared first on HIPAA Journal.

Ransomware 122

Ransomware Fraud Licensing HIPAA 122

HIPAA Journal

FEBRUARY 22, 2023

A lawsuit has been filed against Freehold Township, NJ-based CentraState Healthcare System over its December 2022 ransomware attack, a few days after the health system started sending notification letters to around 617,000 affected patients.

Ransomware 117

Ransomware Fraud Health Insurance HIPAA 117

HIPAA Journal

JUNE 16, 2023

A Russian national has been arrested in Arizona and charged in connection to LockBit ransomware and other cyberattacks conducted on targets in the United States, Europe, Asia, and Africa since 2020. LockBit is currently the most widely used ransomware variant and has been used to extort around $91 million from U.S.

Ransomware 103

Ransomware Fraud HIPAA 103

HIPAA Journal

MARCH 13, 2023

The Royal ransomware group claimed responsibility for the attack and issued a ransom demand to prevent the publication of the 16GB of data allegedly stolen in the attack. The post Revenetics Facing Class Action Lawsuit Over Royal Ransomware Attack and Data Breach appeared first on HIPAA Journal.

Ransomware 124

Ransomware Fraud HIPAA 124

HIPAA Journal

APRIL 16, 2025

On December 22, 2023, Retina Group of Washington, a healthcare provider with eye care clinics in Maryland and Virginia, issued notifications about a ransomware attack on March 26, 2023. Claims may also be submitted to recover extraordinary losses, such as losses due to identity theft and fraud, up to a maximum of $5,000 per class member.

Ransomware 69

Ransomware Fraud Licensing HIPAA 69

HIPAA Journal

APRIL 11, 2025

The nature of the hacking incident was not disclosed, including when its systems were first breached, if ransomware was used, and if there was an extortion attempt. The affected individuals should be vigilant against identity theft and other fraud by monitoring their accounts and Explanation of Benefits statements carefully.

Ransomware 84

Ransomware Fraud HIPAA Licensing 84

HIT Consultant

NOVEMBER 4, 2024

Healthcare organizations must have systems to protect sensitive information from identity theft and fraud, insider threats from employees or contractors with malicious intent, and the manipulation, deletion, corruption, or exposure of electronic health records. billion and $2.45

Ransomware 98

Ransomware Regulatory Compliance Compliance Fraud 98

HIPAA Journal

JANUARY 6, 2023

The Chicago, IL-based health system, CommonSpirit Health, is facing a class action lawsuit over its October 2022 ransomware attack. Malicious actors gained access to its IT systems on September 16, 2022, and deployed ransomware on October 2, 2022.

Ransomware 103

Ransomware Fraud Electronic Medical Records Hospitals 103

HIPAA Journal

NOVEMBER 7, 2024

The use of ransomware in cyberattacks decreased slightly in the first half of the year; however, the severity of ransomware attacks increased according to the 2024 Cyber Claims Report: Mid-Year Update from cyber insurance and security service provider Coalition. million and $2.5

Ransomware 97

Ransomware Fraud HIPAA 97

HIPAA Journal

DECEMBER 23, 2022

It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. The Biggest HIPAA Breaches of 2022. The 12 biggest HIPAA breaches of 2022 affected almost 22.66 OneTouch Point – Ransomware Attack Involving 4.11

HIPAA 106

HIPAA Ransomware Health Insurance Compliance 106

HIPAA Journal

JULY 14, 2023

While this is certainly good news, ransomware-related cryptocurrency payments increased significantly in H1 2023, and if the trend continues in the second half of the year, ransomware revenues could eclipse those of 2022. million in payments were made following ransomware attacks. billion in the first half of 2022.

Ransomware 98

Ransomware Fraud HIPAA 98

HIPAA Journal

JUNE 13, 2023

million individuals in an April 2023 ransomware attack. The attack was detected when ransomware was used to encrypt and prevent access to files. The lawsuit alleges the plaintiff and class members have been placed at imminent risk of harm and face an ongoing risk of identity theft and fraud. million customers.

Ransomware 103

Ransomware Fraud Health Insurance HIPAA 103

HIPAA Journal

JANUARY 27, 2023

Des Plaines, IL-based Lutheran Social Services of Illinois, one of the largest providers of social services in the state, has announced that its systems were compromised and ransomware was used to encrypt files. This coincides with the 60-day reporting deadline of the HIPAA Breach Notification Rule.

Ransomware 107

Ransomware HIPAA Fraud Licensing 107

HIPAA Journal

JUNE 21, 2023

Onix Group, a Pennsylvania-based real estate development firm and provider of business management and consulting services, is being sued for failing to prevent a ransomware attack in which the hackers stole the protected health information of 320,000 individuals. The ransomware attack was detected by Onix Group on March 27.

Ransomware 107

Ransomware Fraud HIPAA 107

HIPAA Journal

SEPTEMBER 12, 2023

Seymour, IN-based Schneck Medical Center has settled a lawsuit with the Indiana attorney general, Todd Rokita, over a 2021 ransomware attack and data breach that affected 89,707 Indiana residents. Schneck Medical Center Compensates Patients for Losses Schneck Medical Center has also recently settled a consolidated class action lawsuit for $1.3

HIPAA 103

HIPAA Ransomware Health Insurance Fraud 103

HIPAA Journal

SEPTEMBER 1, 2023

The San Francisco, CA-based law firm, Orrick, Herrington & Sutcliffe LLP, is facing a class action lawsuit over a ransomware attack and data breach that was detected on March 13, 2023. The post Orrick, Herrington & Sutcliffe Sued Over Ransomware Attack and Data Breach appeared first on HIPAA Journal.

Ransomware 102

Ransomware Fraud HIPAA 102

HIPAA Journal

MARCH 28, 2023

A New York law firm that suffered a LockBit ransomware attack has agreed to pay a financial penalty of $200,000 to the New York Attorney General to resolve alleged violations of New York General Business Law and the Privacy and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA 111

HIPAA Ransomware Malpractice Health Insurance 111

Compliancy Group

MAY 27, 2022

Here’s a roundup of recent HIPAA breach lawsuits and settlements. Lawsuits Increasing Following HIPAA Breaches – Facts and Figures. 35% of healthcare breaches involved ransomware attacks, vs. 20% in 2020. The average ransomware payment for healthcare was $875,784, about one-third less than the 2020 payment.

HIPAA 98

HIPAA Ransomware Hospitals Health Insurance 98

HIPAA Journal

AUGUST 31, 2022

The group operates out of Russia and has been operational since at least 2009 and is responsible for the infamous Dridex banking Trojan and several other ransomware and malware variants, including BitPaymer, Hades, Phoenixlocker, WastedLocker, SocGholish, GameOver Zeus, and JabberZeus. Cybercrime Syndicate appeared first on HIPAA Journal.

Ransomware 143

Ransomware Fraud Governance Public Health 143

HIPAA Journal

MAY 25, 2023

In April 2023, Point32Health, the second-largest health insurer in Massachusetts and the parent company of Tufts Health Plan and Harvard Pilgrim Health Care, announced it suffered a ransomware attack that resulted in system outages, including the systems that serviced members, accounts, brokers, and providers.

Ransomware 105

Ransomware Health Insurance Fraud HIPAA 105

Healthcare IT Today

MARCH 19, 2025

Recent incidents, such as the massive theft of NHS records in 2024 and a surge in ransomware attacks on healthcare providers, emphasize the urgent need for stronger security frameworks. These events expose the limitations of traditional systems in combating emerging threats like AI-generated fraud and identity manipulation.

Fraud 60

Fraud Ransomware HIPAA Compliance 60

HIT Consultant

DECEMBER 18, 2024

Data breaches, ransomware attacks, and system vulnerabilities have emerged as major disruptors, threatening sensitive patient information and the very foundation of patient care. Identity theft, fraud, and long-term financial harm are just a few examples of the personal fallout patients may face following a data breach.

Ransomware 105

Ransomware Fraud Doctors HIPAA 105

HIPAA Journal

MAY 18, 2023

The Department of Health and Human Services’ Office for Civil Rights is the main enforcer of HIPAA compliance; however, state Attorneys General also play a role in enforcing compliance with the Rules of the Health Insurance Portability and Accountability Act (HIPAA). million individuals and for delayed breach notifications.

HIPAA 103

HIPAA Compliance Ransomware Hospitals 103

HIPAA Journal

JANUARY 24, 2023

The theft of protected health information places patients and health plan members at risk of identity theft and fraud, but by far the biggest concern is the threat to patient safety. Multiple studies have identified an increase in mortality rates at hospitals following ransomware attacks and other major cyber incidents.

HIPAA 138

HIPAA Ransomware Hospitals Fraud 138

HIPAA Journal

MARCH 7, 2023

DoppelPaymer ransomware first appeared in 2019. Since then, the ransomware has been used in dozens of attacks on critical infrastructure organizations and industries, and private companies. The ransomware is based on BitPaymer ransomware, which is part of the Dridex malware family.

Ransomware 81

Ransomware Fraud HIPAA Hospitals 81

HIPAA Journal

FEBRUARY 21, 2022

EHRs usually contain all the information required for multiple types of fraud, including names, addresses, dates of birth, Social Security numbers, other government and state ID numbers, health data, and health insurance information. Malware, and especially ransomware, pose a significant threat to EHRs.

Ransomware 135

Ransomware Fraud HIPAA Health Insurance 135

HIPAA Journal

MARCH 11, 2025

The Rhysida ransomware group has claimed responsibility for the attack and has added Sunflower Medical Group to its data leak site. While the risks associated with the incident are believed to be low, all affected individuals have been advised to be vigilant against phishing attempts and other fraud.

Department of Veterans Affairs 82

Department of Veterans Affairs Licensing Ransomware Fraud 82

HIPAA Journal

SEPTEMBER 7, 2022

The Morristown, VT-based healthcare provider, Lamoille Health Partners, is facing a class action lawsuit over a June 2022 ransomware attack that affected almost 60,000 of its patients. The post Lamoille Health Partners Facing Class Action Lawsuit Over 58K-Record Data Breach appeared first on HIPAA Journal. Byrne of Gravel and Shea.

HIPAA 131

HIPAA Ransomware Fraud Health Insurance 131

HIPAA Journal

AUGUST 30, 2022

While the nature of the attack was not disclosed, a ransomware group claimed credit for the attack and uploaded some of the stolen data to its data leak site. The post Avamere Holdings Facing Class Action Lawsuit Over 2022 Cyberattack appeared first on HIPAA Journal.

Nursing Homes 124

Nursing Homes Fraud Ransomware HIPAA 124

HIPAA Journal

APRIL 28, 2025

Frederick Health Medical Group, a Maryland-based healthcare group, announced on January 27, 2025, that it had fallen victim to a ransomware attack and had called in cybersecurity experts to investigate the incident. The post Ransomware Attack on Frederick Health Medical Group Affects 934,000 Patients appeared first on The HIPAA Journal.

52

52

HIPAA Journal

JANUARY 30, 2023

The National HIPAA Summit is the leading forum on healthcare EDI, privacy, breach notification, confidentiality, data security, and HIPAA compliance, and the deadline for registration for the Virtual 40th National HIPAA Summit is fast approaching.

US Department of Health and Human Services 83

US Department of Health and Human Services HIPAA Compliance Medicaid 83

HIPAA Journal

MAY 17, 2023

In April 2023, the Money Message ransomware group announced it had breached the systems of PharMerica and its parent company, BrightSpring Health Services, and added both to its data leak site. That makes it the largest healthcare data breach to be reported by a single HIPAA-covered entity so far in 2023.

Ransomware 111

Ransomware HIPAA Fraud Health Insurance 111

HIT Consultant

JULY 29, 2024

Image by DC Studio on Freepik What You Should Know: – The Baim Institute for Clinical Research , a leading non-profit academic research organization, has fallen victim to a significant ransomware attack, according to Safety Detective’s cybersecurity team. Consider placing a fraud alert on their credit report.

Fraud 98

Fraud Ransomware HIPAA 98

HIPAA Journal

FEBRUARY 15, 2023

The medical device manufacturer Electromed has proposed a $850,000 settlement to resolve claims related to a June 2021 ransomware attack and data breach involving the protected health information of 47,200 individuals. The post Electromed Proposes $825,000 Class Action Data Breach Settlement appeared first on HIPAA Journal.

Ransomware 109

Ransomware Fraud Licensing Health Insurance 109

HIPAA Journal

MAY 18, 2023

This was the second data breach to be reported by NextGen this year, with the earlier incident being a BlackCat ransomware attack. Further, NextGen had suffered a ransomware attack just a few weeks previously and should have known that security needed to be improved.

Ransomware 122

Ransomware Fraud HIPAA 122

HIPAA Journal

MARCH 3, 2023

The attack was conducted by the Sodinokibi ransomware group, which published some of the stolen data on its data leak site. Claims will also be accepted up to a maximum of $3,500 per claimant to cover documented, extraordinary losses that have not already been reimbursed, such as losses to fraud and identity theft.

Ransomware 102

Ransomware Fraud HIPAA 102