HIPAA Journal

APRIL 5, 2023

Montgomery General Hospital in West Virginia has suffered a cyberattack that saw unauthorized individuals gain access to its IT systems on or around February 28, 2023, and deploy ransomware on or around March 1, 2023. The post Montgomery General Hospital Suffers Ransomware Attack and Data Leak appeared first on HIPAA Journal.

Ransomware 86

Ransomware Hospitals Electronic Medical Records HIPAA 86

HIPAA Journal

JANUARY 5, 2023

Back in June 2022 , HIPAA Journal reported on a cyberattack on Fitzgibbon Hospital in Marshall, MO, after being contacted directly by a spokesperson for a threat group called DAIXIN Team, who claimed responsibility for the attack. Howard Memorial Hospital Announces December 2022 Cyberattack.

Ransomware 115

Ransomware Hospitals HIPAA Licensing 115

HIPAA Journal

JUNE 27, 2023

In March 2023, Atlantic General Hospital notified the Maine Attorney General that it had fallen victim to a ransomware attack in which the protected health information of 30,704 individuals was exposed; however, the ransomware attack was far more extensive than was previously thought and the total has been upwardly revised to 136,981 individuals.

Ransomware 95

Ransomware Hospitals Health Insurance HIPAA 95

Healthcare IT Today

DECEMBER 22, 2023

Department of Health and Human Services (HHS) said it will update the HIPAA Security Rule in 2024 and will ask Congress for new laws and resources to increase civil money penalties for HIPAA violations, increase HIPAA enforcement, and conduct proactive audits.

HIPAA 118

HIPAA Ransomware Compliance Hospitals 118

HIPAA Journal

MARCH 29, 2024

It has been more than 5 weeks since Change Healthcare suffered a Blackcat ransomware attack. billion has been provided to safety net hospitals and federally qualified health centers that serve high-risk patients and communities. Department of State Offers $10 Million Reward for Information on ALPHV/Blackcat Ransomware Group The U.S.

Ransomware 98

Ransomware US Department of Health and Human Services HIPAA Hospitals 98

Med-Net Compliance

OCTOBER 17, 2022

The second largest nonprofit hospital chain in the United States has confirmed that it has fallen victim to a ransomware attack. The hospital chain said that upon discovering the ransomware attack they took immediate steps to protect their systems, contain the incident, begin an investigation, and ensure continuity of care.

Ransomware 59

Ransomware Hospitals HIPAA Nurses 59

HIPAA Journal

JANUARY 11, 2023

Healthcare ransomware attacks have at least doubled in the past 5 years, data recovery from backups has decreased, and it is now common for data to be stolen and publicly released following a successful attack, according to a new analysis recently published in the JAMA Health Forum. Out of the 374 confirmed ransomware attacks, only 20.6%

Ransomware 117

Ransomware HIPAA Hospitals 117

HIT Consultant

APRIL 29, 2024

In 2023, the healthcare industry faced its toughest year, with over 124 million health records breached in a total of 725 hacking incidents, according to The HIPAA Journal. Ensure that you document the contact numbers and email addresses for whom you have an Incident Response retainer with.

Ransomware 119

Ransomware HIPAA Compliance Hospitals 119

Healthcare IT Today

APRIL 4, 2024

That’s why we were particularly interested in this session at HIMSS 2024 that looked at how to create a HIPAA-Compliant BYOD program which balanced the security needs of a healthcare organization while still meeting the workflow needs of their users. Million in HIPAA fines. Plus, healthcare has up to $1.5

HIPAA 116

HIPAA Ransomware Hospitals 116

HIPAA Journal

FEBRUARY 16, 2022

Family Christian Health Center (FCHC) in Illinois has announced it was the victim of a ransomware attack in November 2021 that compromised the protected health information of 31,000 patients. Patient Data Potentially Compromised in Jackson County Hospital Ransomware Attack.

Ransomware 122

Ransomware Hospitals Licensing HIPAA 122

HIPAA Journal

JUNE 23, 2023

Ransomware attacks on hospitals cause major disruption to healthcare operations over several weeks. Ransomware attacks cause disruption to workflows, increase wait times, and slow patient flow, which can increase patient transfers and complication rates and negatively affect patient outcomes.

Ransomware 97

Ransomware Hospitals HIPAA 97

HIPAA Journal

APRIL 8, 2024

The Medusa ransomware group has leaked data stolen from American Renal Associates. Moffitt Cancer Center has been affected by a cyberattack on a vendor, and Family Health Center in Michigan and Zuckerberg San Francisco General Hospital have reported the exposure of patient data.

Ransomware 69

Ransomware Health Insurance Licensing HIPAA 69

HIPAA Journal

MAY 25, 2023

CommonSpirit Health has provided an updated estimate on the cost of its October 2022 ransomware attack, which is expected to increase to $160 million. The ransomware attack was detected by CommonSpirit Health on October 2, 2022, forcing systems to be taken offline. billion, and $25.6 billion for the 9 months to March 31.

Ransomware 114

Ransomware HIPAA Hospitals 114

HIPAA Journal

MARCH 23, 2023

Ransomware gangs are increasingly skipping file encryption and are concentrating on data theft and extortion, according to a recent report from Palo Alto Networks’ Unit 42 team. In the second half of 2021 and throughout 2022, around 1 in 10 attacks by ransomware gangs did not involve file encryption, only data theft and extortion.

Ransomware 91

Ransomware HIPAA Hospitals 91

HIPAA Journal

FEBRUARY 10, 2023

Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Department of Health and Human Services (HHS), and the Republic of Korea’s Defense Security Agency and National Intelligence Service warning of state-sponsored North Korean (DPRK) ransomware attacks on U.S.

Ransomware 103

Ransomware US Department of Health and Human Services HIPAA Hospitals 103

HIPAA Journal

APRIL 26, 2023

Ransomware actors continue to target the U.S. The most commonly detected malware were droppers, downloaders, remote access tools (RATs), and ransomware. Emotet is capable of self-propagation and lateral movement and is used to deliver malware and ransomware payloads.

Ransomware 106

Ransomware HIPAA Hospitals 106

HIPAA Journal

MARCH 21, 2023

ransomware, also known as LockBit Black. The LockBit ransomware group has been in operation since at least September 2019 and is one of the most prolific ransomware groups. LockBit is a ransomware-as-a-service operation that recruits affiliates to conduct attacks in return for a cut of the ransoms they generate.

Ransomware 102

Ransomware Hospitals HIPAA 102

HIT Consultant

MARCH 25, 2024

UnitedHealth Group’s technology unit, Change Healthcare, is currently facing an ongoing ransomware attack which has reverberated through healthcare systems and affected prescription deliveries. Most of the largest hacks targeted vendors who bill, mail, or provide other services for hospitals, doctors, and other health providers.

Ransomware 113

Ransomware US Department of Health and Human Services Regulatory Compliance Compliance 113

HIPAA Journal

MARCH 15, 2023

Cybersecurity and Infrastructure Agency (CISA) has launched a new pilot program in response to the increase in ransomware attacks on critical infrastructure entities. The program is focused on identifying vulnerabilities in Internet-facing systems that are known to have been exploited by ransomware gangs in previous attacks.

Ransomware 91

Ransomware Governance HIPAA Hospitals 91

Health Care Performance

JULY 10, 2023

Several physicians conducted a study that was recently published in JAMA Open Network: Ransomware Attack Associated with Disruptions at Adjacent Emergency Departments in the US.

Ransomware 52

Ransomware Hospitals Compliance HIPAA 52

HIPAA Journal

FEBRUARY 5, 2024

Lurie Children’s Hospital in Chicago announced on its website and social media channels that it is responding to a cybersecurity incident and has been forced to take its network systems offline. No ransomware groups appear to have claimed responsibility at this stage. On February 1, 2024, Ann & Robert H.

Hospitals 84

Hospitals Ransomware HIPAA 84

HIPAA Journal

JUNE 12, 2023

The Pennsylvania-based business administration service provider, Onix Group, was the victim of a ransomware attack on March 27, 2023. The review of the files confirmed they contained the data of patients of healthcare clients Addiction Recovery Systems, Cadia Healthcare, Physician’s Mobile X-Ray, and Onix Hospitality Group.

Ransomware 77

Ransomware HIPAA Hospitals 77

HIPAA Journal

MAY 25, 2023

A recent study has confirmed that healthcare cyberattacks not only cause disruption at the organization that experiences an attack but also at emergency departments at neighboring hospitals, where patients face longer wait times due to increased patient numbers which place a strain on resources. increase in mean ambulance arrivals, a 6.7%

Hospitals 106

Hospitals Ransomware Electronic Medical Records HIPAA 106

HIPAA Journal

DECEMBER 30, 2022

A settlement has been proposed by Scripps Health to resolve a consolidated class action lawsuit – In Re: Scripps Health Data Incident Litigation – to resolve all claims related to its 2021 ransomware attack. The attack caused major disruption at Scripps Health hospitals. The deadline for submitting claims is March 23, 2023.

Ransomware 106

Ransomware HIPAA Licensing Doctors 106

HIPAA Journal

AUGUST 17, 2022

According to the breach notification sent to the California Attorney General, Practice Resources was the victim of a ransomware attack on April 12, 2022. Community Memorial Hospital, Inc. Crouse Health Hospital, Inc. Soldiers & Sailors Memorial Hospital—Physician Practices. Achieve Physical Therapy, PC.

Ransomware 123

Ransomware HIPAA Hospitals Health Insurance 123

HIPAA Journal

JANUARY 27, 2023

While the Hive ransomware operation was infiltrating servers, exfiltrating data, and demanding ransom payments from their victims, their activities were being observed from within. The websites used by the gang now display a notice rotating in English and Russian warning that the sites have been seized.

Ransomware 90

Ransomware HIPAA Hospitals 90

HIPAA Journal

MARCH 31, 2023

New York Presbyterian Hospital has reported a 54K-record data breach due to website tracking tools, ransomware attacks have been reported by Atlantic Dialysis Management Services and American Pain & Wellness, and there has been an impermissible disclosure of PHI by a former New Medical Health Care employee.

Hospitals 103

Hospitals Ransomware HIPAA Health Insurance 103

HIPAA Journal

AUGUST 7, 2023

Third-party cybersecurity specialists were engaged to investigate and determine the scope of the breach and the ransomware attack was reported to the Federal Bureau of Investigation (FBI), which has launched an investigation. It is currently unclear which ransomware group was behind the attack.

Ransomware 70

Ransomware HIPAA Hospitals 70

HIPAA Journal

DECEMBER 23, 2022

It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. The Biggest HIPAA Breaches of 2022. The 12 biggest HIPAA breaches of 2022 affected almost 22.66 OneTouch Point – Ransomware Attack Involving 4.11

HIPAA 82

HIPAA Ransomware Health Insurance Compliance 82

HIPAA Journal

DECEMBER 9, 2022

CommonSpirit Health has confirmed that the protected health information of at least 623,774 patients was exposed and potentially stolen in its October 2022 ransomware attack. Michael Medical Center (formerly Harrison Hospital), St. Anne Hospital (formerly Highline Hospital), St. Anthony Hospital, St.

Ransomware 85

Ransomware Electronic Medical Records HIPAA Hospitals 85

HIPAA Journal

SEPTEMBER 13, 2022

Over the Labor Day weekend, Oakbend Medical Center in Richmond, TX, suffered a ransomware attack. Daixin Team is a relatively new threat group that is known to attack hospitals. In June 2022, the group conducted an attack on Fitzgibbon Hospital in Missouri and stole and published files containing sensitive patient data.

Ransomware 83

Ransomware HIPAA Doctors Governance 83

HIPAA Journal

JANUARY 16, 2023

The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence on two sophisticated and aggressive ransomware operations – Blackcat and Royal – which pose a significant threat to the healthcare and public health (HPH) sector. Royal is now the most active ransomware operation, having surpassed Lockbit.

Ransomware 85

Ransomware Public Health HIPAA Hospitals 85

HIPAA Journal

JANUARY 31, 2024

In the paper, the HHS indicated it will be adopting a carrot-and-stick approach by developing voluntary Healthcare and Public Health (HPH) Sector Cybersecurity Goals (CPGs) that consist of cybersecurity measures that will have the greatest impact on security along with an update to the HIPAA Security Rule to add new cybersecurity requirements.

Ransomware 122

Ransomware HIPAA Hospitals Compliance 122

HIPAA Journal

JANUARY 6, 2023

The Chicago, IL-based health system, CommonSpirit Health, is facing a class action lawsuit over its October 2022 ransomware attack. Malicious actors gained access to its IT systems on September 16, 2022, and deployed ransomware on October 2, 2022. Anne Hospital, St. Elizabeth Hospital, St. Anthony Hospital, St.

Ransomware 84

Ransomware Fraud Electronic Medical Records Hospitals 84

HIPAA Journal

AUGUST 8, 2023

The LockBit ransomware group has added Varian Medical Systems to its data leak site and has threatened to publish the data of cancer patients if the ransom is not paid. The post LockBit Ransomware Group Threatens to Publish Stolen Cancer Patient Data appeared first on HIPAA Journal.

Ransomware 90

Ransomware Licensing HIPAA Health Insurance 90

HIPAA Journal

MARCH 7, 2023

DoppelPaymer ransomware first appeared in 2019. Since then, the ransomware has been used in dozens of attacks on critical infrastructure organizations and industries, and private companies. The ransomware is based on BitPaymer ransomware, which is part of the Dridex malware family.

Ransomware 82

Ransomware Fraud HIPAA Hospitals 82

HIPAA Journal

APRIL 5, 2024

Warnings have been issued by the American Hospital Association (AHA) and the Health Sector Cybersecurity Coordination Center (HC3) about a social engineering campaign that targets IT helpdesk at U.S. The AHA was first made aware of the campaign in January 2024 and issued a warning to hospitals.

Hospitals 59

Hospitals Ransomware HIPAA Governance 59