Ransomware Gangs Claim Health Plan and Healthcare Provider Attacked
Partnership Health Plan of California Recovering from Suspected Ransomware Attack
The Fairfield, CA-based nonprofit managed care health plan, Partnership Health Plan of California (PHC), has suffered a cyberattack that has taken its IT systems out of action for more than a week. PHC started notifying regional healthcare clinics on March 21, 2022, that its IT systems were disrupted, along with its website and phone lines and that efforts were underway to restore its systems. A timeline for when IT systems would likely be restored was not provided.
PHC did not state in its notifications what caused the outage, but it appears to have been a ransomware attack by the Hive ransomware operation. The Hive ransomware gang claimed responsibility for the cyberattack on its clear web and dark web sites and said 400 gigabytes of data was exfiltrated from PHC systems that included 850,000 unique records of name, SSNs, dates of birth, addresses, and other information. That claim has since been removed.
PHC has yet to confirm whether ransomware was used and the extent to which plan members’ data has been affected. PHC has around 618,000 health plan members in Northern California. The Hive ransomware gang is known to target the healthcare industry, having previously conducted ransomware attacks on Memorial Health System and Johnson Memorial Health last year.
Cancer and Hematology Centers of Western Michigan Suffers Ransomware Attack
Cancer and Hematology Centers of Western Michigan has recently announced it was the victim of a ransomware attack in December 2021 that affected part of its database. The healthcare provider said it partnered with a third-party IT and forensics firm to investigate the breach and restore its systems.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The breach investigation did not uncover evidence to suggest any patient data has been misused, but the parts of its systems that were accessed by the attackers contained patients’ health records and employees’ Social Security numbers and bank account information.
Cancer and Hematology Centers of Western Michigan has started notifying affected individuals and complimentary credit monitoring services have been offered. Steps have been taken to strengthen data security procedures, including decommissioning several servers, providing additional training to the workforce, reviewing security policies and procedures, and contracting with a third-party company to provide ongoing security monitoring.
The breach has been reported to the HHS’ Office for Civil Rights as affecting 43,071 individuals.
LockBit Ransomware Gang Claims to Have Attacked Val Verde Regional Medical Center
The LockBit ransomware gang has recently published data on its leak site which it claims was stolen in a ransomware attack on Val Verde Regional Medical Center in Texas.
Lockbit has published around 400 MB of data on its website which includes files that include the data of more than 96,000 patients. The files contain information such as names, patient ID numbers, account numbers, email addresses, addresses, phone numbers, dates of birth, employer addresses, marital status, guarantor names, referring physician names, health insurance information, notes, and other information.
Val Verde Regional Medical Center said in a breach notice on its website that it was conformed on March 24, 2022 that patient information was stolen in the attack, and reported the incident to the HHS’ Office for Civil Rights on May 24, 2022. THe breach portal indicates the PHI of 86,562 individuals was compromised in the attack.
