Fraud and Ransomware - Health Care Compliance Brief

Russian National Arrested and Charged for LockBit Ransomware Attacks

HIPAA Journal

JUNE 16, 2023

A Russian national has been arrested in Arizona and charged in connection to LockBit ransomware and other cyberattacks conducted on targets in the United States, Europe, Asia, and Africa since 2020. LockBit is currently the most widely used ransomware variant and has been used to extort around $91 million from U.S.

Ransomware

Ransomware Fraud HIPAA

Netwalker Ransomware Affiliate Sentenced to 20 Years in Jail

HIPAA Journal

OCTOBER 6, 2022

An affiliate of the infamous Netwalker ransomware gang has been sentenced to serve 20 years in jail for his role in ransomware attacks on entities in the United States. A law enforcement investigation into the ransomware attacks conducted by Vachon-Desjardins on U.S. years in jail for a separate drug trafficking case.

Ransomware

Ransomware Fraud COVID-19 HIPAA

Return to Big Game Hunting Sees Ransomware Revenues Soar

HIPAA Journal

JULY 14, 2023

While this is certainly good news, ransomware-related cryptocurrency payments increased significantly in H1 2023, and if the trend continues in the second half of the year, ransomware revenues could eclipse those of 2022. million in payments were made following ransomware attacks. billion in the first half of 2022.

Ransomware

Ransomware Fraud HIPAA

290 Hospitals Potentially Affected by Ransomware Attacks in 2022

HIPAA Journal

JANUARY 3, 2023

Ransomware attacks continue to be conducted on healthcare organizations in high numbers but determining the extent to which healthcare organizations are being targeted by ransomware gangs is a challenge. While no deaths have been attributed to ransomware attacks, patient outcomes are affected by the delays in receiving treatment.

Ransomware

Ransomware Hospitals HIPAA Governance

Knowing Your Patient: Helping Healthcare Organizations Prevent Insurance Fraud

Healthcare IT Today

JUNE 2, 2023

Today’s threat landscape requires them to plan for ransomware and malware attacks, protect against traditional vulnerabilities in legacy equipment, and mitigate the risk of internal threats. With those competing priorities, fraud prevention does not always make its way to the top of the list of considerations, even when it should.

Fraud

Fraud Ransomware Licensing Governance

Lehigh Valley Health Network Sued After Ransomware Gang Publishes Nude Patient Images

HIPAA Journal

MARCH 15, 2023

A lawsuit has been filed against Lehigh Valley Health Network (LVHN) over its recent BlackCat ransomware attack. The attack saw files encrypted after data was exfiltrated as is typical in ransomware attacks; however, the attack stood out due to the aggressive move of the threat group to increase the pressure on LVHN to pay the ransom.

Ransomware

Ransomware Fraud HIPAA Licensing

Suspected DoppelPaymer Ransomware Core Members Arrested in Europol-Led Operation

HIPAA Journal

MARCH 7, 2023

DoppelPaymer ransomware first appeared in 2019. Since then, the ransomware has been used in dozens of attacks on critical infrastructure organizations and industries, and private companies. The ransomware is based on BitPaymer ransomware, which is part of the Dridex malware family.

Ransomware

Ransomware Fraud HIPAA Hospitals

CentraState Medical Center Facing Class Action Lawsuit Over December 2022 Ransomware Attack

HIPAA Journal

FEBRUARY 22, 2023

A lawsuit has been filed against Freehold Township, NJ-based CentraState Healthcare System over its December 2022 ransomware attack, a few days after the health system started sending notification letters to around 617,000 affected patients.

Ransomware

Ransomware Fraud Health Insurance HIPAA

SAC Health Theft Incident and Multiple Ransomware Attacks Reported

HIPAA Journal

MAY 25, 2022

SAC Health said it is unaware of any actual or attempted misuse of patient data as a result of the break-in; however, as a precaution against identity theft and fraud, affected individuals have been offered complimentary credit monitoring services. Bryan County Ambulance Authority Ransomware Attack Affects 14,000 Patients.

Ransomware

Ransomware Fraud HIPAA Licensing

Telehealth fraud: Tampa pharmacy owner faces 10 years for $931M conspiracy

Healthcare IT News - Telehealth

JANUARY 27, 2021

Department of Justice announced Monday that four people and one company have recently pleaded guilty in a telemedicine pharmacy healthcare-fraud conspiracy that allegedly lasted for years. "Telemarketing fraud is a major threat to the integrity of government and commercial insurance programs," said Derrick L. ON THE RECORD.

Fraud

Fraud Telemedicine Ransomware COVID-19

Ransomware Attack Triggers Multiple Lawsuits Against Harvard Pilgrim Healthcare & Point32Health

HIPAA Journal

JUNE 13, 2023

million individuals in an April 2023 ransomware attack. The attack was detected when ransomware was used to encrypt and prevent access to files. The lawsuit alleges the plaintiff and class members have been placed at imminent risk of harm and face an ongoing risk of identity theft and fraud. million customers.

Ransomware

Ransomware Fraud Health Insurance HIPAA

FBI: At Least 148 Healthcare Organizations Suffered Ransomware Attacks in 2021

HIPAA Journal

MARCH 24, 2022

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released its 2021 Internet Crime Report , which reveals there were at least 649 ransomware attacks on critical infrastructure organizations from June 2021 to December 2021. Losses to ransomware are difficult to determine.

Ransomware

Ransomware Public Health Fraud HIPAA

Orrick, Herrington & Sutcliffe Sued Over Ransomware Attack and Data Breach

HIPAA Journal

SEPTEMBER 1, 2023

The San Francisco, CA-based law firm, Orrick, Herrington & Sutcliffe LLP, is facing a class action lawsuit over a ransomware attack and data breach that was detected on March 13, 2023. The post Orrick, Herrington & Sutcliffe Sued Over Ransomware Attack and Data Breach appeared first on HIPAA Journal.

Ransomware

Ransomware Fraud HIPAA

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

HIPAA Journal

NOVEMBER 23, 2022

The Rochester Hills, MI-based prosthetics, orthotics, and accessibility solution provider, Wright & Filippis, has recently announced that it was the victim of a ransomware attack on its network. The post 877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider appeared first on HIPAA Journal.

Ransomware

Ransomware Fraud Licensing HIPAA

CommonSpirit Health Facing Class Action Lawsuit over Ransomware Attack and Data Breach

HIPAA Journal

JANUARY 6, 2023

The Chicago, IL-based health system, CommonSpirit Health, is facing a class action lawsuit over its October 2022 ransomware attack. Malicious actors gained access to its IT systems on September 16, 2022, and deployed ransomware on October 2, 2022.

Ransomware

Ransomware Fraud Electronic Medical Records Hospitals

Revenetics Facing Class Action Lawsuit Over Royal Ransomware Attack and Data Breach

HIPAA Journal

MARCH 13, 2023

The Royal ransomware group claimed responsibility for the attack and issued a ransom demand to prevent the publication of the 16GB of data allegedly stolen in the attack. The post Revenetics Facing Class Action Lawsuit Over Royal Ransomware Attack and Data Breach appeared first on HIPAA Journal.

Ransomware

Ransomware Fraud HIPAA

Increasing ransomware attacks are healthcare's new 'pandemic'

Becker's Health IT

SEPTEMBER 6, 2022

Ransomware attacks targeting the healthcare industry have increased by 94 percent in the last year as patient data is used by hackers to commit fraud and identity theft, VentureBeat reported Sept.

Ransomware

Ransomware Fraud

New York Ambulance Service Facing Multiple Class Action Lawsuits over Ransomware Attack

HIPAA Journal

DECEMBER 8, 2022

The New York ambulance service, Empress EMS, is facing multiple class action lawsuits over a ransomware attack that was detected on July 14, 2022. The Hive ransomware group was behind the attack, and as per the group’s modus operandi , after gaining access to the network, sensitive files were stolen, then files were encrypted.

Ransomware

Ransomware HIPAA Fraud

Onix Group Sued for Failing to Prevent Ransomware Attack and 320K-Record Data Breach

HIPAA Journal

JUNE 21, 2023

Onix Group, a Pennsylvania-based real estate development firm and provider of business management and consulting services, is being sued for failing to prevent a ransomware attack in which the hackers stole the protected health information of 320,000 individuals. The ransomware attack was detected by Onix Group on March 27.

Ransomware

Ransomware Fraud HIPAA

Alvaria Confirms November 2022 Hive Ransomware Attack

HIPAA Journal

JUNE 8, 2023

a provider of call center and customer experience software technology to large enterprises, has recently confirmed that it fell victim to a ransomware attack on a limited portion of its network. The post Alvaria Confirms November 2022 Hive Ransomware Attack appeared first on HIPAA Journal. (formerly Aspect Software, Inc.),

Ransomware

Ransomware Fraud HIPAA Health Insurance

City of Oakland Facing Multiple Class Action Lawsuits Over February Ransomware Attack

HIPAA Journal

JUNE 5, 2023

Multiple class action lawsuits have been filed against the city of Oakland in California over a ransomware attack and data breach that involved the theft of the personal and protected health information of 13,000 current and former employees. The ransomware attack is understood to have started with phishing emails.

Ransomware

Ransomware Fraud HIPAA

San Andreas Regional Center Agrees to Settle 2021 Ransomware Attack Lawsuit

HIPAA Journal

JANUARY 31, 2023

San Andreas Regional Center – was filed in the Superior Court of California in response to the breach alleging the healthcare provider was negligent for failing to implement reasonable cybersecurity measures to protect against ransomware attacks, despite being aware of the high risk of attacks on the healthcare sector.

Ransomware

Ransomware Fraud Health Insurance HIPAA

Up to 184,000 Clients of Lutheran Social Services of Illinois Impacted by Ransomware Attack

HIPAA Journal

JANUARY 27, 2023

Des Plaines, IL-based Lutheran Social Services of Illinois, one of the largest providers of social services in the state, has announced that its systems were compromised and ransomware was used to encrypt files. Both healthcare organizations were recently added to the data leak site of the BlackCat ransomware group.

Ransomware

Ransomware HIPAA Fraud Hospitals

Point32Health Confirms Harvard Pilgrim Health Care Member Data Stolen in Ransomware Attack

HIPAA Journal

MAY 25, 2023

In April 2023, Point32Health, the second-largest health insurer in Massachusetts and the parent company of Tufts Health Plan and Harvard Pilgrim Health Care, announced it suffered a ransomware attack that resulted in system outages, including the systems that serviced members, accounts, brokers, and providers.

Ransomware

Ransomware Health Insurance Fraud HIPAA

Forefront Dermatology Proposes $3.75 Million Settlement to Resolve Ransomware Lawsuit

HIPAA Journal

NOVEMBER 21, 2022

The Wisconsin-based dermatology practice, Forefront Dermatology, has agreed to settle a class action lawsuit filed on behalf of patients whose protected health information (PHI) was compromised in a ransomware attack in late May 2021. Million Settlement to Resolve Ransomware Lawsuit appeared first on HIPAA Journal.

Ransomware

Ransomware Fraud HIPAA Licensing

Second Class Action Lawsuit Filed Against CommonSpirit Health Over Ransomware Attack

HIPAA Journal

JANUARY 24, 2023

Another lawsuit has been filed against CommonSpirit Health over its 2022 ransomware attack and data breach that alleges the nation’s largest catholic health system failed to implement reasonable and appropriate safeguards to prevent unauthorized access to sensitive patient data.

Ransomware

Ransomware Fraud HIPAA Hospitals

Healthcare Organizations Warned About Evil Corp. Cybercrime Syndicate

HIPAA Journal

AUGUST 31, 2022

The group operates out of Russia and has been operational since at least 2009 and is responsible for the infamous Dridex banking Trojan and several other ransomware and malware variants, including BitPaymer, Hades, Phoenixlocker, WastedLocker, SocGholish, GameOver Zeus, and JabberZeus.

Ransomware

Ransomware Fraud Governance HIPAA

Patient Data Compromised in 5 Hacking Incidents, Ransomware Attacks, and Break-ins

HIPAA Journal

NOVEMBER 17, 2022

Salud Family Health Provides Update on September 2022 Ransomware Attack. The breach was reported to the HHS’ Office for Civil Rights using a placeholder of 501 and that figure has yet to be updated on the OCR breach portal; however, the threat actor behind the attack – the Lorenz ransomware group – has dumped a sample of the files online.

Ransomware

Ransomware Health Insurance Hospitals Fraud

Planned Parenthood Los Angeles Settles Class Action Data Breach Lawsuit for $6 Million

HIPAA Journal

APRIL 8, 2024

Between October 9, 2021, and October 17, 2021, hackers accessed the Planned Parenthood Los Angeles network , exfiltrated sensitive patient data, and used ransomware to encrypt files. Planned Parenthood discovered the ransomware attack on October 17, 2021, and confirmed on November 4, 2021, that the stolen files contained patient data.

Ransomware

Ransomware HIPAA Health Insurance Fraud

Ransomware Attacks Directed at Businesses Grow

Total HIPAA

FEBRUARY 25, 2020

Ransomware attacks have surged in the last year.¹ Ransomware is a form of malware that infects devices via a Trojan, a kind of malicious code disguised as legitimate software. Frequency of Ransomware Attacks Increases. In 2019, ransomware incidents disrupted many organizations’ infrastructure and ability to do business.

Ransomware

Ransomware HIPAA Compliance Fraud

Settlement Reached in Preferred Home Care Data Breach Lawsuit

HIPAA Journal

MARCH 3, 2023

The attack was conducted by the Sodinokibi ransomware group, which published some of the stolen data on its data leak site. Claims will also be accepted up to a maximum of $3,500 per claimant to cover documented, extraordinary losses that have not already been reimbursed, such as losses to fraud and identity theft.

Ransomware

Ransomware Fraud HIPAA

Health-ISAC Report Explores Current and Emerging Cyber Threats to the Healthcare Sector

HIPAA Journal

MARCH 30, 2023

Ransomware and phishing continue to be the biggest cybersecurity concerns for healthcare organizations according to the February 2023 Current and Emerging Healthcare Cyber Threat Landscape report from Health-ISAC. Ransomware was the biggest concern for 2022 and 2023 with phishing and spear phishing in second.

Ransomware

Ransomware Fraud Governance Medical Billing

Electromed Proposes $825,000 Class Action Data Breach Settlement

HIPAA Journal

FEBRUARY 15, 2023

The medical device manufacturer Electromed has proposed a $850,000 settlement to resolve claims related to a June 2021 ransomware attack and data breach involving the protected health information of 47,200 individuals. A lawsuit – Lutz, et al.

Ransomware

Ransomware Fraud Licensing Health Insurance

HHS Raises Awareness of Threats to Electronic Health Record Systems

HIPAA Journal

FEBRUARY 21, 2022

EHRs usually contain all the information required for multiple types of fraud, including names, addresses, dates of birth, Social Security numbers, other government and state ID numbers, health data, and health insurance information. Malware, and especially ransomware, pose a significant threat to EHRs.

Ransomware

Ransomware Fraud HIPAA Health Insurance

NextGen Healthcare Facing Multiple Class Action Data Breach Lawsuits

HIPAA Journal

MAY 18, 2023

This was the second data breach to be reported by NextGen this year, with the earlier incident being a BlackCat ransomware attack. Further, NextGen had suffered a ransomware attack just a few weeks previously and should have known that security needed to be improved.

Ransomware

Ransomware Fraud HIPAA

The Rise of Cybercrime: What the 2022 IC3 Report Reveals About Healthcare

Compliancy Group

MARCH 30, 2023

The report also identified several trends in cybercrime, including the increased use of social media platforms as a tool for scams and fraud, the rise of ransomware attacks, and the exploitation of virtual currency transactions. For individuals, cybercrime can result in identity theft, financial fraud, and emotional distress.

Ransomware

Ransomware Fraud HIPAA Compliance

Johns Hopkins Facing Multiple Lawsuits Over MOVEit Data Breach

HIPAA Journal

JULY 12, 2023

District Court for the District of Maryland against Johns Hopkins University and Johns Hopkins Health System that allege a failure to properly secure and safeguard the protected health information of patients, resulting in the theft of their data by the Clop ransomware group.

Ransomware

Ransomware Fraud HIPAA

$6 Million Settlement Proposed to Resolve UKG/Kronos Data Breach Lawsuit

HIPAA Journal

JULY 6, 2023

UKG (Ultimate Kronos Group), a multinational provider of workforce management and human resources (HR) management services, has proposed a $6 million settlement to resolve claims related to a ransomware attack and data breach that was discovered in 2021. Members of two subclasses are entitled to additional payments.

Ransomware

Ransomware COVID-19 Fraud HIPAA

Avamere Holdings Facing Class Action Lawsuit Over 2022 Cyberattack

HIPAA Journal

AUGUST 30, 2022

While the nature of the attack was not disclosed, a ransomware group claimed credit for the attack and uploaded some of the stolen data to its data leak site. The post Avamere Holdings Facing Class Action Lawsuit Over 2022 Cyberattack appeared first on HIPAA Journal.

Nursing Homes

Nursing Homes Fraud Ransomware HIPAA

Almost 6 Million Individuals Affected by PharMerica Data Breach

HIPAA Journal

MAY 17, 2023

In April 2023, the Money Message ransomware group announced it had breached the systems of PharMerica and its parent company, BrightSpring Health Services, and added both to its data leak site. The group claimed to have exfiltrated databases containing 4.7 PharMerica has now confirmed the extent of the data breach.

Ransomware

Ransomware HIPAA Fraud Health Insurance

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

HIPAA Journal

SEPTEMBER 12, 2023

Seymour, IN-based Schneck Medical Center has settled a lawsuit with the Indiana attorney general, Todd Rokita, over a 2021 ransomware attack and data breach that affected 89,707 Indiana residents. Schneck Medical Center Compensates Patients for Losses Schneck Medical Center has also recently settled a consolidated class action lawsuit for $1.3

HIPAA

HIPAA Ransomware Health Insurance Fraud

Johns Hopkins Investigating Cyberattack and Data Breach

HIPAA Journal

JUNE 15, 2023

In the meantime, Johns Hopkins urges all students, faculty staff, and their dependents to take immediate action to protect their personal information, including conducting reviews of their statements, credit reports, and accounts for unusual activity, and should consider placing a fraud alert and credit freeze with a national credit bureau.

Ransomware

Ransomware Health Insurance Fraud HIPAA

Cybercriminals Adopt Corporate Tactics to Address Declining Revenues

HIPAA Journal

MARCH 8, 2023

Ransomware gangs in particular have seen profits take a nosedive, with ransom payments decreasing by 38% year-over-year as victims refuse to pay up, even when there is the threat of publication of stolen data. In 2022, ransomware attacks were still common, with LockBit and BlackCat the top ransomware families.

Ransomware

Ransomware Fraud HIPAA

2021 HIPAA “Wall of Shame” Healthcare Data Breaches Up 7.5%

Compliancy Group

JANUARY 25, 2022

Other findings in the report included: Ransomware-related data breaches have doubled in each of the past two years. At the current rate, ransomware attacks will surpass phishing as the number one root cause of data compromises in 2022. We may look back at 2021 as the year when we moved from the era of identity theft to identity fraud.

HIPAA

HIPAA Ransomware Governance Compliance

Russian National Arrested and Charged for LockBit Ransomware Attacks

Netwalker Ransomware Affiliate Sentenced to 20 Years in Jail

Trending Sources

Return to Big Game Hunting Sees Ransomware Revenues Soar

290 Hospitals Potentially Affected by Ransomware Attacks in 2022

Knowing Your Patient: Helping Healthcare Organizations Prevent Insurance Fraud

Lehigh Valley Health Network Sued After Ransomware Gang Publishes Nude Patient Images

Suspected DoppelPaymer Ransomware Core Members Arrested in Europol-Led Operation

CentraState Medical Center Facing Class Action Lawsuit Over December 2022 Ransomware Attack

SAC Health Theft Incident and Multiple Ransomware Attacks Reported

Telehealth fraud: Tampa pharmacy owner faces 10 years for $931M conspiracy

Ransomware Attack Triggers Multiple Lawsuits Against Harvard Pilgrim Healthcare & Point32Health

FBI: At Least 148 Healthcare Organizations Suffered Ransomware Attacks in 2021

Orrick, Herrington & Sutcliffe Sued Over Ransomware Attack and Data Breach

877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider

CommonSpirit Health Facing Class Action Lawsuit over Ransomware Attack and Data Breach

Revenetics Facing Class Action Lawsuit Over Royal Ransomware Attack and Data Breach

Increasing ransomware attacks are healthcare's new 'pandemic'

New York Ambulance Service Facing Multiple Class Action Lawsuits over Ransomware Attack

Onix Group Sued for Failing to Prevent Ransomware Attack and 320K-Record Data Breach

Alvaria Confirms November 2022 Hive Ransomware Attack

City of Oakland Facing Multiple Class Action Lawsuits Over February Ransomware Attack

San Andreas Regional Center Agrees to Settle 2021 Ransomware Attack Lawsuit

Up to 184,000 Clients of Lutheran Social Services of Illinois Impacted by Ransomware Attack

Point32Health Confirms Harvard Pilgrim Health Care Member Data Stolen in Ransomware Attack

Forefront Dermatology Proposes $3.75 Million Settlement to Resolve Ransomware Lawsuit

Second Class Action Lawsuit Filed Against CommonSpirit Health Over Ransomware Attack

Healthcare Organizations Warned About Evil Corp. Cybercrime Syndicate

Patient Data Compromised in 5 Hacking Incidents, Ransomware Attacks, and Break-ins

Planned Parenthood Los Angeles Settles Class Action Data Breach Lawsuit for $6 Million

Ransomware Attacks Directed at Businesses Grow

Settlement Reached in Preferred Home Care Data Breach Lawsuit

Health-ISAC Report Explores Current and Emerging Cyber Threats to the Healthcare Sector

Electromed Proposes $825,000 Class Action Data Breach Settlement

HHS Raises Awareness of Threats to Electronic Health Record Systems

NextGen Healthcare Facing Multiple Class Action Data Breach Lawsuits

The Rise of Cybercrime: What the 2022 IC3 Report Reveals About Healthcare

Johns Hopkins Facing Multiple Lawsuits Over MOVEit Data Breach

$6 Million Settlement Proposed to Resolve UKG/Kronos Data Breach Lawsuit

Avamere Holdings Facing Class Action Lawsuit Over 2022 Cyberattack

Almost 6 Million Individuals Affected by PharMerica Data Breach

Schneck Medical Center Settles HIPAA Lawsuit with Indiana AG

Johns Hopkins Investigating Cyberattack and Data Breach

Cybercriminals Adopt Corporate Tactics to Address Declining Revenues

2021 HIPAA “Wall of Shame” Healthcare Data Breaches Up 7.5%

Stay Connected