HIPAA Journal

JANUARY 11, 2023

Healthcare ransomware attacks have at least doubled in the past 5 years, data recovery from backups has decreased, and it is now common for data to be stolen and publicly released following a successful attack, according to a new analysis recently published in the JAMA Health Forum. Out of the 374 confirmed ransomware attacks, only 20.6%

Ransomware 121

Ransomware HIPAA Hospitals 121

HIPAA Journal

APRIL 8, 2024

The Medusa ransomware group has leaked data stolen from American Renal Associates. American Renal Associates American Renal Associates (ARA), one of the largest providers of dialysis services in the United States and a provider of care for patients suffering from end-stage renal disease has experienced a Medusa ransomware attack.

Ransomware 73

Ransomware Health Insurance Licensing HIPAA 73

Compliancy Group

APRIL 4, 2023

One such case is the Community Health Systems (CHS) C10P Ransomware attack, which affected millions of patients and resulted in a multistate HIPAA settlement. ​​No No one is protected from HIPAA violation double jeopardy. What is Ransomware? Become HIPAA Compliant × Get HIPAA Compliant! Find Out More!

Ransomware 52

Ransomware HIPAA Compliance 52

HIPAA Journal

JUNE 29, 2022

On June 25, 2022, a spokesperson for a threat group called DAIXIN Team contacted HIPAA Journal to share information about a ransomware attack and data theft incident at Fitzgibbon Hospital in Marshall, Missouri. DAIXIN Team was previously not known to HIPAA Journal and appears to be a new ransomware group.

Ransomware 120

Ransomware Hospitals HIPAA Health Insurance 120

Healthcare IT Today

DECEMBER 22, 2023

Department of Health and Human Services (HHS) said it will update the HIPAA Security Rule in 2024 and will ask Congress for new laws and resources to increase civil money penalties for HIPAA violations, increase HIPAA enforcement, and conduct proactive audits.

HIPAA 107

HIPAA Ransomware Compliance Hospitals 107

HIPAA Journal

MARCH 10, 2023

Codman Square Health Center in Boston, MA, has confirmed that it was the victim of a ransomware attack in November 2022 in which hackers gained access to the protected health information of 10,161 current and former patients. The post Ransomware Attack Announced by Codman Square Health Center appeared first on HIPAA Journal.

Ransomware 115

Ransomware HIPAA 115

HIPAA Journal

MARCH 29, 2024

In February, Harvard Pilgrim Health Care revised the total number of individuals affected by an April 2023 ransomware attack, increasing the total by more than 81,000 to 2,632,275 individuals. The post Harvard Pilgrim Health Care Increases Ransomware Victim Count to 2.86 Million appeared first on HIPAA Journal.

Ransomware 71

Ransomware HIPAA Health Insurance 71

HIPAA Journal

DECEMBER 5, 2022

The Cuba ransomware group has increased attacks in the United States, with attacks doubling since December 2021, and ransom payments are also on the rise. According to CISA and the FBI, there are similarities between the infrastructure used by the Cuba ransomware operation and the RomCom RAT and Industrial Spy ransomware actors.

Ransomware 121

Ransomware Public Health HIPAA Governance 121

HIPAA Journal

NOVEMBER 23, 2022

Doctors’ Center Hospital in Puerto Rico has recently notified the Department of Health and Human Services’ Office for Civil Rights (OCR) that it has experienced a hacking/IT incident in which the protected health information of 1,195,220 patients has potentially been compromised. Million Patients appeared first on HIPAA Journal.

Ransomware 132

Ransomware Hospitals Doctors HIPAA 132

The HIPAA Blog

FEBRUARY 26, 2024

LaFourche Medical Group pays $480,000 to settle ransomware attack affecting 35.000 patients: An emergency and occupational medicine practice in Louisiana was a ransomware victim in 2021, the result of a successful email phishing attack.

Ransomware 45

Ransomware HIPAA 45

HIPAA Journal

JUNE 27, 2023

In March 2023, Atlantic General Hospital notified the Maine Attorney General that it had fallen victim to a ransomware attack in which the protected health information of 30,704 individuals was exposed; however, the ransomware attack was far more extensive than was previously thought and the total has been upwardly revised to 136,981 individuals.

Ransomware 100

Ransomware Hospitals Health Insurance HIPAA 100

HIPAA Journal

APRIL 26, 2023

Ransomware actors continue to target the U.S. The most commonly detected malware were droppers, downloaders, remote access tools (RATs), and ransomware. Emotet is capable of self-propagation and lateral movement and is used to deliver malware and ransomware payloads.

Ransomware 110

Ransomware HIPAA Hospitals 110

HIPAA Journal

MAY 25, 2023

CommonSpirit Health has provided an updated estimate on the cost of its October 2022 ransomware attack, which is expected to increase to $160 million. The ransomware attack was detected by CommonSpirit Health on October 2, 2022, forcing systems to be taken offline. The lawsuit was filed in December 2022 in the U.S.

Ransomware 118

Ransomware HIPAA Hospitals 118

HIPAA Journal

DECEMBER 8, 2022

The New York ambulance service, Empress EMS, is facing multiple class action lawsuits over a ransomware attack that was detected on July 14, 2022. The Hive ransomware group was behind the attack, and as per the group’s modus operandi , after gaining access to the network, sensitive files were stolen, then files were encrypted.

Ransomware 104

Ransomware HIPAA Fraud 104

HIPAA Journal

SEPTEMBER 12, 2023

Seymour, IN-based Schneck Medical Center has settled a lawsuit with the Indiana attorney general, Todd Rokita, over a 2021 ransomware attack and data breach that affected 89,707 Indiana residents. Schneck Medical Center Compensates Patients for Losses Schneck Medical Center has also recently settled a consolidated class action lawsuit for $1.3

HIPAA 91

HIPAA Ransomware Health Insurance Fraud 91

HIPAA Journal

FEBRUARY 9, 2024

The Healthcare and Public Health (HPH) Sector has been warned about cyberattacks involving Akira ransomware , of which there have been at least 81 since the new ransomware variant was discovered in May 2023. Akira is a ransomware-as-a-service (RaaS) operation that is thought to have ties to the Conti ransomware group.

Ransomware 73

Ransomware HIPAA Public Health 73

HIPAA Journal

FEBRUARY 8, 2024

In March 2023, CISA launched its Pre-Ransomware Notification Initiative which sees alerts issued if vulnerabilities are detected that are known to be actively exploited by ransomware groups to allow organizations to take action to prevent the vulnerabilities from being exploited.

Ransomware 81

Ransomware HIPAA 81

HIPAA Journal

DECEMBER 9, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health (HPH) sector about Royal ransomware attacks. Royal ransomware is a new ransomware threat that was first observed being used in attacks in September 2022. Both will prevent files from being opened.

Ransomware 115

Ransomware HIPAA Public Health 115

HIPAA Journal

JULY 4, 2022

According to the company’s substitute breach notice, a sophisticated ransomware attack was detected and blocked on February 26, 2022; however, not in time to prevent some of its computer systems from being disabled. Third-party forensics specialists were engaged to investigate the breach and provide assistance with securing its environment.

Ransomware 132

Ransomware HIPAA Health Insurance Governance 132

HIPAA Journal

JANUARY 3, 2023

Ransomware attacks continue to be conducted on healthcare organizations in high numbers but determining the extent to which healthcare organizations are being targeted by ransomware gangs is a challenge. The decision whether or not to encrypt appears to be taken on an attack-by-attack basis.

Ransomware 115

Ransomware Hospitals HIPAA Governance 115

HIPAA Journal

MARCH 15, 2023

Cybersecurity and Infrastructure Agency (CISA) has launched a new pilot program in response to the increase in ransomware attacks on critical infrastructure entities. The program is focused on identifying vulnerabilities in Internet-facing systems that are known to have been exploited by ransomware gangs in previous attacks.

Ransomware 94

Ransomware Governance HIPAA Hospitals 94

HIPAA Journal

MAY 25, 2022

Social Action Community Health System (SAC Health) has recently notified 149,940 patients that documents containing their protected health information were stolen in a break-in at an off-site storage location where patient records were stored. Bryan County Ambulance Authority Ransomware Attack Affects 14,000 Patients.

Ransomware 129

Ransomware Fraud HIPAA Licensing 129

HIPAA Journal

NOVEMBER 10, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has recently shared details of the tactics, techniques, and procedures associated with Venus ransomware attacks, and has made several recommendations on mitigations that healthcare organizations can implement to improve their defenses against attacks.

Ransomware 112

Ransomware HIPAA 112

HIPAA Journal

JUNE 13, 2022

Yuma Regional Medical Center (YRMC) in Arizona has announced it was the victim of a ransomware attack in April in which the attackers obtained the protected health information of approximately 700,000 current and former patients. Ransomware attacks often result in the exposure of stolen data if the ransom is not paid.

Ransomware 128

Ransomware Electronic Medical Records HIPAA Health Insurance 128

HIPAA Journal

JUNE 23, 2023

Ransomware attacks on hospitals cause major disruption to healthcare operations over several weeks. Ransomware attacks cause disruption to workflows, increase wait times, and slow patient flow, which can increase patient transfers and complication rates and negatively affect patient outcomes.

Ransomware 101

Ransomware Hospitals HIPAA 101

HIPAA Journal

DECEMBER 30, 2022

A settlement has been proposed by Scripps Health to resolve a consolidated class action lawsuit – In Re: Scripps Health Data Incident Litigation – to resolve all claims related to its 2021 ransomware attack. The ransomware attack has proven to be incredibly costly for Scripps Health.

Ransomware 111

Ransomware HIPAA Licensing Doctors 111

HIPAA Journal

NOVEMBER 13, 2023

A zero-day vulnerability in the SysAid IT service management solution is being exploited by the Lace Tempest (aka FIN11, DEV-0950, TA505) threat group to gain access to SysAid servers, steal data, and deploy Clop ransomware. After exfiltrating sensitive data, Clop ransomware was deployed and executed.

Ransomware 94

Ransomware HIPAA 94

HIPAA Journal

MARCH 16, 2023

The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence information about the Black Basta ransomware group to help network defenders prevent and rapidly detect attacks in progress. The Black Basta group was first identified in April 2022 and is known to conduct ransomware and extortion attacks.

Ransomware 102

Ransomware HIPAA Governance 102

HIPAA Journal

DECEMBER 15, 2022

It has now been confirmed that HMS suffered a ransomware attack on October 8, 2022. The information exposed and potentially stolen in the attack included names, addresses, birth dates, phone numbers, Social Security numbers, Medicare beneficiary identifiers, banking information, and Medicare entitlement, enrollment, and premium information.

Ransomware 111

Ransomware Medicare Medicare HIPAA 111

Compliancy Group

SEPTEMBER 5, 2023

To many people’s surprise, the vibrant city of Dallas has recently descended into chaos as it grapples with the aftermath of a treacherous ransomware attack. This assault has left no less than 30,253 innocent individuals vulnerable and exposed, their personal information compromised. Something is wrong with your submission.

Ransomware 98

Ransomware HIPAA Compliance Health Insurance 98

HIPAA Journal

MARCH 21, 2023

A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) about LockBit 3.0 ransomware, also known as LockBit Black. Ransomware appeared first on HIPAA Journal.

Ransomware 106

Ransomware Hospitals HIPAA 106

HIPAA Journal

MARCH 1, 2022

Ransomware attacks have recently been reported by four healthcare providers across the country, which have collectively resulted in the exposure and potential theft of the protected health information of more than 49,000 individuals. Jax Spine & Pain Centers. Augustine locations prior to May 2018. Extend Fertility.

Ransomware 138

Ransomware Licensing HIPAA Health Insurance 138

HIPAA Journal

NOVEMBER 23, 2022

The Rochester Hills, MI-based prosthetics, orthotics, and accessibility solution provider, Wright & Filippis, has recently announced that it was the victim of a ransomware attack on its network. The post 877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider appeared first on HIPAA Journal.

Ransomware 112

Ransomware Fraud Licensing HIPAA 112

HIPAA Journal

AUGUST 3, 2022

The health insurer Aetna ACE is one of the latest healthcare organizations to announce it has been affected by a ransomware attack on a mailing vendor, which involved the protected health information of 326,278 plan members. The ransomware attack affected OneTouchPoint, which provides printing and mailing services for U.S.

Ransomware 129

Ransomware HIPAA Health Insurance 129

HIPAA Journal

MARCH 28, 2023

A New York law firm that suffered a LockBit ransomware attack has agreed to pay a financial penalty of $200,000 to the New York Attorney General to resolve alleged violations of New York General Business Law and the Privacy and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA 107

HIPAA Ransomware Malpractice Health Insurance 107

HIPAA Journal

JANUARY 26, 2023

Emotet commonly drops the IcedID banking Trojan, which in turn often delivers ransomware payloads. The QakBot operators provide initial access to networks for several ransomware operations. Throughout 2022, LockBit was the most commonly used ransomware variant and remained so throughout the 90-day analysis period.

Ransomware 122

Ransomware HIPAA 122

HIPAA Journal

JUNE 21, 2023

Onix Group, a Pennsylvania-based real estate development firm and provider of business management and consulting services, is being sued for failing to prevent a ransomware attack in which the hackers stole the protected health information of 320,000 individuals. The ransomware attack was detected by Onix Group on March 27.

Ransomware 96

Ransomware Fraud HIPAA 96