HIPAA Journal

MARCH 30, 2022

have confirmed they were recent victims of cyberattacks, both of which involved the use of ransomware. Ransomware Attack Affects 85,282 Law Enforcement Health Benefits Members. LEHB) has recently announced that it was the victim of a ransomware attack that was detected on September 14, 2021. Law Enforcement Health Benefits, Inc.

Ransomware 127

Ransomware Electronic Medical Records Licensing HIPAA 127

HIPAA Journal

AUGUST 8, 2023

The LockBit ransomware group has added Varian Medical Systems to its data leak site and has threatened to publish the data of cancer patients if the ransom is not paid. According to the listing, the stolen employee data includes Social Security numbers and bank account information.

Ransomware 91

Ransomware Licensing HIPAA Health Insurance 91

HIPAA Journal

AUGUST 3, 2022

Fast Track Urgent Care, a network of urgent healthcare clinics in Florida, has confirmed that 258,411 individuals have had their protected health information exposed and potentially stolen in a ransomware attack on billing and practice management vendor, PracticeMax.

Ransomware 106

Ransomware Health Insurance Licensing HIPAA 106

HIPAA Journal

FEBRUARY 16, 2022

Family Christian Health Center (FCHC) in Illinois has announced it was the victim of a ransomware attack in November 2021 that compromised the protected health information of 31,000 patients. Patient Data Potentially Compromised in Jackson County Hospital Ransomware Attack.

Ransomware 122

Ransomware Hospitals Licensing HIPAA 122

HIPAA Journal

MARCH 15, 2023

A lawsuit has been filed against Lehigh Valley Health Network (LVHN) over its recent BlackCat ransomware attack. The attack saw files encrypted after data was exfiltrated as is typical in ransomware attacks; however, the attack stood out due to the aggressive move of the threat group to increase the pressure on LVHN to pay the ransom.

Ransomware 104

Ransomware Fraud HIPAA Licensing 104

HIPAA Journal

MARCH 10, 2022

A round-up of 6 cyberattacks that have recently been reported by healthcare providers and business associates that resulted in the exposure and possible theft of patients’ protected health information. The files exfiltrated from its systems included the protected health information of patients. Duncan Regional Hospital.

Ransomware 124

Ransomware Licensing Health Insurance Hospitals 124

HIPAA Journal

FEBRUARY 7, 2023

Regal Medical Group, a San Bernardino, CA-based affiliate of the Heritage Provider Network, recently announced that it was attacked with ransomware. The forensic investigation confirmed that the attackers gained access to the servers on or around December 1 and exfiltrated files before the ransomware was deployed.

Ransomware 70

Ransomware Hospitals Licensing HIPAA 70

HIPAA Journal

JANUARY 5, 2023

That individual said the hospital’s systems had been compromised and 40GB of data had been exfiltrated, which included files containing patient names, dates of birth, medical record numbers, patient account numbers, Social Security numbers, and medical and treatment information. Howard Memorial Hospital Announces December 2022 Cyberattack.

Ransomware 115

Ransomware Hospitals HIPAA Licensing 115

HIPAA Journal

MARCH 10, 2023

According to the notifications, unauthorized individuals gained access to its network and used ransomware to encrypt files. MFHS said the sophisticated ransomware attack was discovered in April 2022. The post Maternal & Family Health Services Sued Over Ransomware Attack and Data Breach appeared first on HIPAA Journal.

Ransomware 85

Ransomware HIPAA Licensing Health Insurance 85

HIPAA Journal

JANUARY 9, 2023

Maternal & Family Health Services in Eastern Pennsylvania has recently notified certain patients about an April 4, 2022, ransomware attack in which sensitive patient data was exposed. Retreat Behavioral Health Ransomware Attack Affects Up to 23,620 Patients. Notifications were sent to affected individuals on January 3, 2023.

Ransomware 86

Ransomware HIPAA Licensing Health Insurance 86

HIPAA Journal

MAY 26, 2023

The failure to provide this information makes it difficult for victims of data breaches to assess the level of risk they face. That appears to be the case with two recent cyberattacks, neither of which mention ransomware or confirm that data theft occurred. provide more information. Vascular Center of Intervention, Inc.

Ransomware 60

Ransomware Health Insurance HIPAA Licensing 60

HIPAA Journal

NOVEMBER 28, 2022

(HHS) has recently announced that it was the victim of a ransomware attack. The investigation revealed an unauthorized third party first accessed its systems on June 10, 2022, several days prior to using ransomware to encrypt files. Ransomware Attack Affects Patients of Disability Services of the Southwest.

Ransomware 106

Ransomware Electronic Medical Records HIPAA Licensing 106

HIPAA Journal

JANUARY 27, 2023

Des Plaines, IL-based Lutheran Social Services of Illinois, one of the largest providers of social services in the state, has announced that its systems were compromised and ransomware was used to encrypt files. Both healthcare organizations were recently added to the data leak site of the BlackCat ransomware group.

Ransomware 88

Ransomware HIPAA Fraud Hospitals 88

HIPAA Journal

APRIL 28, 2022

Irvine, CA-based Smile Brands, a provider of support services for dental offices, has recently provided an update on the number of individuals affected by a ransomware attack that was discovered on April 24, 2021. The post Up to 2,592,494 individuals Affected by Smile Brands Ransomware Attack appeared first on HIPAA Journal.

Ransomware 110

Ransomware Health Insurance HIPAA Licensing 110

HIPAA Journal

AUGUST 29, 2023

Medical records extracted during the recent Prospect Medical Holdings ransomware attack are being allegedly offered for sale on the dark web according to social media sources. Because our investigation is ongoing, we do not have additional information to share at this time.

Ransomware 52

Ransomware Licensing HIPAA Hospitals 52

HIPAA Journal

SEPTEMBER 14, 2022

Medical Associates of the Lehigh Valley in Pennsylvania (MATLV) has announced that it recently fell victim to a sophisticated ransomware attack on its network. The types of information exposed in the attack varied from patient to patient. TennCare Reports Accidental Exposure of Patients’ PHI.

Ransomware 86

Ransomware Licensing HIPAA Health Insurance 86

HIPAA Journal

AUGUST 16, 2022

In August 2021, the Vice Society ransomware operation published data on its data leak site that had allegedly been obtained in a ransomware attack on United Health Centers of San Joaquin Valley. On August 31, 2021, Bleeping Computer was made aware of the data leak and made multiple attempts to notify United Health Centers.

Ransomware 98

Ransomware HIPAA Licensing Governance 98

HIPAA Journal

NOVEMBER 8, 2023

Mulkay Cardiology Consultants at Holy Name Medical Center has recently confirmed that it fell victim to a ransomware attack. The compromised information included names, addresses, dates of birth, Social Security numbers, driver’s license numbers or state IDs, medical treatment information, and health insurance information.

Ransomware 97

Ransomware Licensing Health Insurance HIPAA 97

HIPAA Journal

NOVEMBER 21, 2022

The Wisconsin-based dermatology practice, Forefront Dermatology, has agreed to settle a class action lawsuit filed on behalf of patients whose protected health information (PHI) was compromised in a ransomware attack in late May 2021. Million Settlement to Resolve Ransomware Lawsuit appeared first on HIPAA Journal.

Ransomware 64

Ransomware Fraud HIPAA Licensing 64

HIPAA Journal

APRIL 23, 2024

Notification letters have been sent to more than 34,500 individuals about ransomware attacks that occurred more than 9 months ago. A cybersecurity firm was engaged to investigate the disruption and confirmed that unauthorized individuals accessed its network and exfiltrated files containing the personal information of residents.

Ransomware 100

Ransomware Fraud Licensing HIPAA 100

HIPAA Journal

SEPTEMBER 8, 2022

The Michigan law firm, Warner Norcross and Judd LLP, has issued notification letters to 255,160 individuals advising them about an October 2021 security breach in which files containing their personal and protected health information were potentially accessed and exfiltrated from its systems. The breach was detected on October 22, 2021.

Fraud 98

Fraud Health Insurance Ransomware HIPAA 98

HIPAA Journal

NOVEMBER 17, 2022

Salud Family Health Provides Update on September 2022 Ransomware Attack. The breach was reported to the HHS’ Office for Civil Rights using a placeholder of 501 and that figure has yet to be updated on the OCR breach portal; however, the threat actor behind the attack – the Lorenz ransomware group – has dumped a sample of the files online.

Ransomware 81

Ransomware Health Insurance Hospitals Fraud 81

HIPAA Journal

APRIL 25, 2024

Politzer and Durocher, PLC, which does business as Optometric Physicians of Middle Tennessee (OPMT), has recently reported a hacking incident to the HHS Office for Civil Rights involving the personal and protected health information of 29,000 individuals. Advarra is notifying the affected individuals on behalf of Moffitt Cancer Center.

Licensing 86

Licensing HIPAA Ransomware 86

HIPAA Journal

MARCH 16, 2023

Florida Medical Clinic, NorthStar Emergency Medical Services, Denver Public Schools, Wichita Urology Group, and The Bone & Joint Clinic have recently reported hacking incidents and the exposure and potential theft of protected health information. No financial information was compromised, and only 115 Social Security numbers were exposed.

Electronic Medical Records 64

Electronic Medical Records Health Insurance Ransomware HIPAA 64

HIPAA Journal

SEPTEMBER 8, 2023

Just Kids Dental Suffers Ransomware Attack Acadia Health, LLC, doing business as Just Kids Dental, has started notifying 129,623 patients that some of their protected health information was stolen in an August 2, 2023, ransomware attack. The types of information involved varied from individual to individual.

Licensing 98

Licensing Ransomware Health Insurance HIPAA 98

HIPAA Journal

SEPTEMBER 8, 2022

The Michigan law firm, Warner Norcross and Judd LLP, has issued notification letters to 255,160 individuals advising them about an October 2021 security breach in which files containing their personal and protected health information were potentially accessed and exfiltrated from its systems. The breach was detected on October 22, 2021.

Fraud 70

Fraud Health Insurance Ransomware HIPAA 70

HIPAA Journal

FEBRUARY 8, 2024

Azura Vascular Care, a Pennsylvania-based operator of 70 outpatient vascular centers and ambulatory surgery centers in 25 states and Puerto Rico, notified the HHS’ Office for Civil Rights last month about a cybersecurity incident involving the protected health information of 348,000 patients. The incident was detected on November 9, 2023.

Ransomware 82

Ransomware Electronic Medical Records Licensing Health Insurance 82

HIPAA Journal

MAY 2, 2023

NYSARC Columbia County Chapter Notifies Individuals About July 2022 Ransomware Attack NYSARC Columbia County Chapter (COARC) has started notifying certain individuals that some of their protected health information has potentially been obtained by unauthorized individuals in a July 2022 ransomware attack.

Ransomware 94

Ransomware Licensing Health Insurance HIPAA 94

HIPAA Journal

JUNE 22, 2023

A third-party cybersecurity firm was engaged to investigate the incident and confirmed that the parts of the network that were accessed contained patients’ protected health information, although, at this stage of the investigation, it is unclear if patient data was viewed or copied from its systems.

Ransomware 76

Ransomware Licensing HIPAA 76

HIPAA Journal

MARCH 29, 2023

Atlantic General Hospital – Ransomware Attack Atlantic General Hospital (AGH) in Berlin, MD, has recently reported a ransomware attack to the Maine Attorney General that has affected up to 30,704 individuals. in Oklahoma has reported a breach of the protected health information of 3,013 OU Health patients.

Hospitals 99

Hospitals Ransomware Licensing Health Insurance 99

HIPAA Journal

AUGUST 2, 2023

The administrative service provider said suspicious activity was detected within its network in early December 2022, and the forensic investigation confirmed on December 15, 2022, that an unauthorized third party accessed parts of its computer network where personal health information was stored.

Licensing 72

Licensing Electronic Medical Records Ransomware Health Insurance 72

HIPAA Journal

JUNE 8, 2023

The Iowa Department of Health and Human Services has announced there have been three separate breaches of the protected health information of Iowa Medicaid recipients in the past two months – two hacking incidents and an impermissible disclosure, all three of which involved third-party contractors.

Medicaid 81

Medicaid Medicaid Ransomware Health Insurance 81

HIPAA Journal

DECEMBER 29, 2022

has confirmed that the protected health information of up to 269,752 patients of Lake Charles Memorial Health System has been compromised. Southwest Louisiana Health Care System did not disclose the exact nature of the cyberattack, but the Hive ransomware gang claimed responsibility. Southwest Louisiana Health Care System, Inc.

Ransomware 95

Ransomware Health Insurance Licensing Medical Billing 95

HIPAA Journal

JULY 25, 2023

Rite Aid has confirmed that the protected health information of up to 24,400 of its customers has been stolen in a cyberattack. The stolen files contained names, birth dates, addresses, prescription information, and limited insurance information. Financial information was not compromised.

Ransomware 80

Ransomware Licensing HIPAA Health Insurance 80

HIPAA Journal

FEBRUARY 15, 2023

The medical device manufacturer Electromed has proposed a $850,000 settlement to resolve claims related to a June 2021 ransomware attack and data breach involving the protected health information of 47,200 individuals.

Ransomware 84

Ransomware Fraud Licensing Health Insurance 84

HIPAA Journal

JULY 27, 2023

UT Southwestern Medical Center (UTSW) has recently confirmed that the protected health information of 98,437 patients was stolen in a cyberattack on May 28, 2023. Family Vision of Anderson Suffers Ransomware Attack Family Vision of Anderson in South Carolina was the victim of a May 2023 ransomware attack.

Ransomware 87

Ransomware Licensing Health Insurance HIPAA 87

HIPAA Journal

SEPTEMBER 12, 2023

Seymour, IN-based Schneck Medical Center has settled a lawsuit with the Indiana attorney general, Todd Rokita, over a 2021 ransomware attack and data breach that affected 89,707 Indiana residents. Schneck Medical Center Compensates Patients for Losses Schneck Medical Center has also recently settled a consolidated class action lawsuit for $1.3

HIPAA 87

HIPAA Ransomware Health Insurance Fraud 87