Information and Ransomware - Health Care Compliance Brief

HHS reaches second-ever ransomware settlement

Healthcare Dive

FEBRUARY 22, 2024

A mental healthcare provider didn’t have sufficient protections in place before a ransomware attack exposed the protected health information of more than 14,000 people, according to the HHS’ Office for Civil Rights.

Ransomware

Hacking incident at Michigan surgical group exposes information of 15K patients

Healthcare Dive

MARCH 8, 2023

It appears that patient information was uploaded to the dark web by ransomware group BianLian, Brett Callow, threat analyst for cybersecurity firm Emsisoft, confirmed to Healthcare Dive.

Ransomware

OctaPharma Plasma Closes Donation Centers While It Deals with Suspected Ransomware Attack

HIPAA Journal

APRIL 22, 2024

At this stage, Octapharma has yet to provide any further details about the attack, such as whether ransomware was used to encrypt files, and said further information will be released as the investigation progresses. BlackSuit is a relatively new ransomware operation that was discovered in May 2023.

Ransomware

Ransomware HIPAA Public Health Governance

CommonSpirit says ransomware attack exposed patient information

Healthcare Dive

DECEMBER 5, 2022

The cyberattack has interrupted access to electronic health records and delayed patient care in multiple regions.

Ransomware

HHS announces first ransomware settlement

Healthcare Dive

NOVEMBER 1, 2023

Doctors’ Management Services agreed to settle claims it did not comply with HIPAA breach rules and failed to identify risks after a cyberattack exposed the information of more than 200,000 patients.

Ransomware

Ransomware HIPAA Doctors

CISA, FBI warn health systems and others of Clop MFT ransomware tactics

Healthcare It News

JUNE 13, 2023

A new joint federal cybersecurity warning says that the Clop Ransomware Gang, also known as TA505, began exploiting a previously unknown vulnerability this past month in one of Progress Software's managed file transfer tools, known as MOVEit Transfer. x and forward – along with software upgrades and patches.

Ransomware

Ransomware HIPAA Public Health

Vendor ransomware attack exposes patient data at Tennessee hospital

Becker's Health IT

MARCH 20, 2024

based Regional One Health's obstetrics and gynecology patients' information may have been compromised due to a ransomware attack on a technology vendor KMJ Health Solutions. Memphis, Tenn.-based

Ransomware

Ransomware Hospitals

CommonSpirit ransomware attack exposed personal information of 623K people, system says

Healthcare Dive

DECEMBER 12, 2022

This is the first time that the health system has disclosed the number of people potentially affected by the cyberattack earlier this year.

Ransomware

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates

HIPAA Journal

APRIL 8, 2024

The Medusa ransomware group has leaked data stolen from American Renal Associates. American Renal Associates American Renal Associates (ARA), one of the largest providers of dialysis services in the United States and a provider of care for patients suffering from end-stage renal disease has experienced a Medusa ransomware attack.

Ransomware

Ransomware Health Insurance Licensing HIPAA

UnitedHealth Group Confirms Data Stolen in Change Healthcare Ransomware Attack

HIPAA Journal

MARCH 29, 2024

It has been more than 5 weeks since Change Healthcare suffered a Blackcat ransomware attack. While it is currently unclear what types of data were stolen in the attack, UnitedHealth Group said personally identifiable health information, eligibility and claims information, and financial information are likely to have been compromised.

Ransomware

Ransomware US Department of Health and Human Services HIPAA Hospitals

Patient sues CommonSpirit over ransomware attack

Healthcare Dive

JANUARY 5, 2023

A Washington state man alleged his personal health information is now in the hands of cybercriminals and is seeking to bring a class action suit against the health system.

Ransomware

Ransomware Attack Leads to Another OCR Settlement

Compliancy Group

FEBRUARY 23, 2024

The HHS settlement, resulting from an investigation into a 2019 ransomware attack, requires the behavioral health provider to pay $40,000, implement a corrective action plan, and submit to three years of OCR monitoring. In October 2023, HHS settled its first ransomware investigation with a business associate for $100,000.

Ransomware

Ransomware HIPAA Compliance

Study Identifies Healthcare Ransomware Attack Trends

HIPAA Journal

JANUARY 11, 2023

Healthcare ransomware attacks have at least doubled in the past 5 years, data recovery from backups has decreased, and it is now common for data to be stolen and publicly released following a successful attack, according to a new analysis recently published in the JAMA Health Forum. Out of the 374 confirmed ransomware attacks, only 20.6%

Ransomware

Ransomware HIPAA Hospitals

Pennsylvania health system CISO looks to launch ransomware board game

Becker's Health IT

SEPTEMBER 11, 2023

Aaron Weismann, the chief information security officer of Radnor Township, Penn.-based based Main Line Health, is looking to launch Guardians of the Grid, a ransomware board game that simulates a cyberattack.

Ransomware

Healthcare Sector Warned About Cuba Ransomware Attacks

HIPAA Journal

DECEMBER 5, 2022

The Cuba ransomware group has increased attacks in the United States, with attacks doubling since December 2021, and ransom payments are also on the rise. According to CISA and the FBI, there are similarities between the infrastructure used by the Cuba ransomware operation and the RomCom RAT and Industrial Spy ransomware actors.

Ransomware

Ransomware Public Health HIPAA Governance

Healthcare Industry Facing Increased Malware and Ransomware Threats

HIPAA Journal

APRIL 26, 2023

Ransomware actors continue to target the U.S. The most commonly detected malware were droppers, downloaders, remote access tools (RATs), and ransomware. Emotet is capable of self-propagation and lateral movement and is used to deliver malware and ransomware payloads.

Ransomware

Ransomware HIPAA Hospitals

How Healthcare Organizations Can Defend Against Ransomware

HIT Consultant

OCTOBER 4, 2023

More ransomware attacks targeted healthcare in 2022 than any other critical infrastructure sector, according to the FBI’s Internet Crime Complaint Center (IC3). In the spring, the Multi-State Information Sharing and Analysis Center (MS-ISAC) released new guidelines aimed at supporting healthcare organizations against cyber-attacks.

Ransomware

Ransomware Hospitals Nurses Doctors

Fitzgibbon Hospital, Diskriter, Christiana Spine Center Suffer Ransomware Attacks

HIPAA Journal

JUNE 29, 2022

On June 25, 2022, a spokesperson for a threat group called DAIXIN Team contacted HIPAA Journal to share information about a ransomware attack and data theft incident at Fitzgibbon Hospital in Marshall, Missouri. DAIXIN Team was previously not known to HIPAA Journal and appears to be a new ransomware group.

Ransomware

Ransomware Hospitals HIPAA Health Insurance

Healthcare Sector Warned About Akira Ransomware Attacks

HIPAA Journal

FEBRUARY 9, 2024

The Healthcare and Public Health (HPH) Sector has been warned about cyberattacks involving Akira ransomware , of which there have been at least 81 since the new ransomware variant was discovered in May 2023. Akira is a ransomware-as-a-service (RaaS) operation that is thought to have ties to the Conti ransomware group.

Ransomware

Ransomware HIPAA Public Health

Healthcare Organizations Warned About Royal Ransomware Attacks

HIPAA Journal

DECEMBER 9, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health (HPH) sector about Royal ransomware attacks. Royal ransomware is a new ransomware threat that was first observed being used in attacks in September 2022. Both will prevent files from being opened.

Ransomware

Ransomware HIPAA Public Health

Harvard Pilgrim Health Care Increases Ransomware Victim Count to 2.86 Million

HIPAA Journal

MARCH 29, 2024

In February, Harvard Pilgrim Health Care revised the total number of individuals affected by an April 2023 ransomware attack, increasing the total by more than 81,000 to 2,632,275 individuals. The post Harvard Pilgrim Health Care Increases Ransomware Victim Count to 2.86 Million appeared first on HIPAA Journal.

Ransomware

Ransomware HIPAA Health Insurance

CISA Launches Ransomware Vulnerability Warning Pilot Program

HIPAA Journal

MARCH 15, 2023

Cybersecurity and Infrastructure Agency (CISA) has launched a new pilot program in response to the increase in ransomware attacks on critical infrastructure entities. The program is focused on identifying vulnerabilities in Internet-facing systems that are known to have been exploited by ransomware gangs in previous attacks.

Ransomware

Ransomware Governance HIPAA Hospitals

Atlantic General Hospital Increases Ransomware Victim Count to Almost 140,000 Individuals

HIPAA Journal

JUNE 27, 2023

In March 2023, Atlantic General Hospital notified the Maine Attorney General that it had fallen victim to a ransomware attack in which the protected health information of 30,704 individuals was exposed; however, the ransomware attack was far more extensive than was previously thought and the total has been upwardly revised to 136,981 individuals.

Ransomware

Ransomware Hospitals Health Insurance HIPAA

SAC Health Theft Incident and Multiple Ransomware Attacks Reported

HIPAA Journal

MAY 25, 2022

Social Action Community Health System (SAC Health) has recently notified 149,940 patients that documents containing their protected health information were stolen in a break-in at an off-site storage location where patient records were stored. Bryan County Ambulance Authority Ransomware Attack Affects 14,000 Patients.

Ransomware

Ransomware Fraud HIPAA Licensing

Ransomware Attack on Puerto Rico Hospital Affects Almost 1.2 Million Patients

HIPAA Journal

NOVEMBER 23, 2022

Doctors’ Center Hospital in Puerto Rico has recently notified the Department of Health and Human Services’ Office for Civil Rights (OCR) that it has experienced a hacking/IT incident in which the protected health information of 1,195,220 patients has potentially been compromised. Million Patients appeared first on HIPAA Journal.

Ransomware

Ransomware Hospitals Doctors HIPAA

Ransomware Preparedness in Healthcare – Are you Doing the Basics?

Healthcare IT Today

MARCH 14, 2023

The following is a guest article by Chad Peterson, Managing Director at NetSPI As ransomware attacks become more sophisticated, healthcare organizations have become desirable targets due to the valuable data shared across medical records and the constant need for service availability.

Ransomware

Ransomware Regulatory Compliance HIPAA Compliance

Four Healthcare Providers Hit with Ransomware Attacks

HIPAA Journal

MARCH 1, 2022

Ransomware attacks have recently been reported by four healthcare providers across the country, which have collectively resulted in the exposure and potential theft of the protected health information of more than 49,000 individuals. Jax Spine & Pain Centers. Augustine locations prior to May 2018. Extend Fertility.

Ransomware

Ransomware Licensing HIPAA Health Insurance

HC3 Sounds Alarm About Venus Ransomware

HIPAA Journal

NOVEMBER 10, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has recently shared details of the tactics, techniques, and procedures associated with Venus ransomware attacks, and has made several recommendations on mitigations that healthcare organizations can implement to improve their defenses against attacks.

Ransomware

Ransomware HIPAA

CommonSpirit Health Says Ransomware Attack Likely to Cost $160 Million

HIPAA Journal

MAY 25, 2023

CommonSpirit Health has provided an updated estimate on the cost of its October 2022 ransomware attack, which is expected to increase to $160 million. The ransomware attack was detected by CommonSpirit Health on October 2, 2022, forcing systems to be taken offline. The lawsuit was filed in December 2022 in the U.S.

Ransomware

Ransomware HIPAA Hospitals

HHS reaches $100K ransomware settlement with healthcare org

Becker's Health IT

NOVEMBER 1, 2023

agreed to pay HHS and the Office for Civil Rights a $100,000 settlement due to a ransomware attack that affected the protected health information of 206,695 individuals, marking the first ransomware agreement OCR has made. Doctors' Management Services, a medical management company based in West Bridgewater, Mass.,

Ransomware

Ransomware Doctors

CISA Pre-Ransomware Alerts Helped 154 Healthcare Organizations Save Millions in Costs

HIPAA Journal

FEBRUARY 8, 2024

In March 2023, CISA launched its Pre-Ransomware Notification Initiative which sees alerts issued if vulnerabilities are detected that are known to be actively exploited by ransomware groups to allow organizations to take action to prevent the vulnerabilities from being exploited.

Ransomware

Ransomware HIPAA

Study Identifies Lack of Preparedness for Ransomware Attacks in Emergency Departments

HIPAA Journal

JUNE 23, 2023

Ransomware attacks on hospitals cause major disruption to healthcare operations over several weeks. Ransomware attacks cause disruption to workflows, increase wait times, and slow patient flow, which can increase patient transfers and complication rates and negatively affect patient outcomes.

Ransomware

Ransomware Hospitals HIPAA

Feds Release Updated Threat Intelligence on LockBit 3.0 Ransomware

HIPAA Journal

MARCH 21, 2023

A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) about LockBit 3.0 ransomware, also known as LockBit Black. Ransomware appeared first on HIPAA Journal.

Ransomware

Ransomware Hospitals HIPAA

Healthcare Industry Most Commonly Attacked with Downloaders and Ransomware

HIPAA Journal

JANUARY 26, 2023

Emotet commonly drops the IcedID banking Trojan, which in turn often delivers ransomware payloads. The QakBot operators provide initial access to networks for several ransomware operations. Throughout 2022, LockBit was the most commonly used ransomware variant and remained so throughout the 90-day analysis period.

Ransomware

Ransomware HIPAA

Ransomware Attack Announced by Codman Square Health Center

HIPAA Journal

MARCH 10, 2023

Codman Square Health Center in Boston, MA, has confirmed that it was the victim of a ransomware attack in November 2022 in which hackers gained access to the protected health information of 10,161 current and former patients. The post Ransomware Attack Announced by Codman Square Health Center appeared first on HIPAA Journal.

Ransomware

Ransomware HIPAA

HC3 Shares Black Basta Ransomware Threat Intelligence Data

HIPAA Journal

MARCH 16, 2023

The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence information about the Black Basta ransomware group to help network defenders prevent and rapidly detect attacks in progress. The Black Basta group was first identified in April 2022 and is known to conduct ransomware and extortion attacks.

Ransomware

Ransomware HIPAA Governance

Scripps Health Proposes $3.5M Settlement to Resolve Class Action Ransomware Lawsuit

HIPAA Journal

DECEMBER 30, 2022

A settlement has been proposed by Scripps Health to resolve a consolidated class action lawsuit – In Re: Scripps Health Data Incident Litigation – to resolve all claims related to its 2021 ransomware attack. The ransomware attack has proven to be incredibly costly for Scripps Health.

Ransomware

Ransomware HIPAA Licensing Doctors

SysAid Zero-Day Vulnerability Exploited to Deploy Clop Ransomware

HIPAA Journal

NOVEMBER 13, 2023

A zero-day vulnerability in the SysAid IT service management solution is being exploited by the Lace Tempest (aka FIN11, DEV-0950, TA505) threat group to gain access to SysAid servers, steal data, and deploy Clop ransomware. After exfiltrating sensitive data, Clop ransomware was deployed and executed.

Ransomware

Ransomware HIPAA

290 Hospitals Potentially Affected by Ransomware Attacks in 2022

HIPAA Journal

JANUARY 3, 2023

Ransomware attacks continue to be conducted on healthcare organizations in high numbers but determining the extent to which healthcare organizations are being targeted by ransomware gangs is a challenge. The decision whether or not to encrypt appears to be taken on an attack-by-attack basis.

Ransomware

Ransomware Hospitals HIPAA Governance

700,000 Patients Affected by Yuma Regional Medical Center Ransomware Attack

HIPAA Journal

JUNE 13, 2022

Yuma Regional Medical Center (YRMC) in Arizona has announced it was the victim of a ransomware attack in April in which the attackers obtained the protected health information of approximately 700,000 current and former patients. Ransomware attacks often result in the exposure of stolen data if the ransom is not paid.

Ransomware

Ransomware Electronic Medical Records HIPAA Health Insurance

326,278 Aetna ACE Members Affected by Ransomware Attack at Mailing Vendor

HIPAA Journal

AUGUST 3, 2022

The health insurer Aetna ACE is one of the latest healthcare organizations to announce it has been affected by a ransomware attack on a mailing vendor, which involved the protected health information of 326,278 plan members. The ransomware attack affected OneTouchPoint, which provides printing and mailing services for U.S.

Ransomware

Ransomware HIPAA Health Insurance

Comprehensive LockBit Ransomware Cybersecurity Advisory Issued by CISA & Partners

HIPAA Journal

JUNE 15, 2023

This joint advisory on LockBit is another example of effective collaboration with our partners to provide timely and actionable resources to help all organizations understand and defend against this ransomware activity,” said CISA Executive Assistant Director for Cybersecurity, Eric Goldstein. “As

Ransomware

Ransomware HIPAA Governance

What Healthcare Leaders Need to Do Now About Ransomware

HIT Consultant

MARCH 20, 2022

If ransomware is not a topic of conversation around any healthcare organization’s boardroom table, directors and senior executives may be exposing the organization (and themselves) to considerable risk. Here’s a guide to ransomware trends for 2022 and steps healthcare leaders can take to help protect their organizations.

Ransomware

Ransomware HIPAA Governance Hospitals

Naked Patient Photos Published After Ransomware Attack on Plastic Surgery Clinic

HIPAA Journal

JULY 17, 2023

Gary Motykie was recently contacted by a cyber threat actor who claimed to have accessed his IT systems and was in possession of sensitive patient information. The types of data varied from individual to individual and may have included only some of the above information. Private images of Dr. Gary Motykie were also published online.

Ransomware

Ransomware HIPAA Licensing Health Insurance

HHS reaches second-ever ransomware settlement

Hacking incident at Michigan surgical group exposes information of 15K patients

Trending Sources

OctaPharma Plasma Closes Donation Centers While It Deals with Suspected Ransomware Attack

CommonSpirit says ransomware attack exposed patient information

HHS announces first ransomware settlement

CISA, FBI warn health systems and others of Clop MFT ransomware tactics

Vendor ransomware attack exposes patient data at Tennessee hospital

CommonSpirit ransomware attack exposed personal information of 623K people, system says

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates

UnitedHealth Group Confirms Data Stolen in Change Healthcare Ransomware Attack

Patient sues CommonSpirit over ransomware attack

Ransomware Attack Leads to Another OCR Settlement

Study Identifies Healthcare Ransomware Attack Trends

Pennsylvania health system CISO looks to launch ransomware board game

Healthcare Sector Warned About Cuba Ransomware Attacks

Healthcare Industry Facing Increased Malware and Ransomware Threats

How Healthcare Organizations Can Defend Against Ransomware

Fitzgibbon Hospital, Diskriter, Christiana Spine Center Suffer Ransomware Attacks

Healthcare Sector Warned About Akira Ransomware Attacks

Healthcare Organizations Warned About Royal Ransomware Attacks

Harvard Pilgrim Health Care Increases Ransomware Victim Count to 2.86 Million

CISA Launches Ransomware Vulnerability Warning Pilot Program

Atlantic General Hospital Increases Ransomware Victim Count to Almost 140,000 Individuals

SAC Health Theft Incident and Multiple Ransomware Attacks Reported

Ransomware Attack on Puerto Rico Hospital Affects Almost 1.2 Million Patients

Ransomware Preparedness in Healthcare – Are you Doing the Basics?

Four Healthcare Providers Hit with Ransomware Attacks

HC3 Sounds Alarm About Venus Ransomware

CommonSpirit Health Says Ransomware Attack Likely to Cost $160 Million

HHS reaches $100K ransomware settlement with healthcare org

CISA Pre-Ransomware Alerts Helped 154 Healthcare Organizations Save Millions in Costs

Study Identifies Lack of Preparedness for Ransomware Attacks in Emergency Departments

Feds Release Updated Threat Intelligence on LockBit 3.0 Ransomware

Healthcare Industry Most Commonly Attacked with Downloaders and Ransomware

Ransomware Attack Announced by Codman Square Health Center

HC3 Shares Black Basta Ransomware Threat Intelligence Data

Scripps Health Proposes $3.5M Settlement to Resolve Class Action Ransomware Lawsuit

SysAid Zero-Day Vulnerability Exploited to Deploy Clop Ransomware

290 Hospitals Potentially Affected by Ransomware Attacks in 2022

700,000 Patients Affected by Yuma Regional Medical Center Ransomware Attack

326,278 Aetna ACE Members Affected by Ransomware Attack at Mailing Vendor

Comprehensive LockBit Ransomware Cybersecurity Advisory Issued by CISA & Partners

What Healthcare Leaders Need to Do Now About Ransomware

Naked Patient Photos Published After Ransomware Attack on Plastic Surgery Clinic

Stay Connected