HIPAA Journal

JANUARY 16, 2023

The number of reported healthcare data breaches declined for the second successive month, with 40 data breaches of 500 or more healthcare records reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) in December 2022 – The lowest monthly total of the year and 29.7% Ransomware attack. Ransomware attack.

Ransomware 136

Ransomware HIPAA Hospitals 136

HIPAA Journal

JUNE 29, 2022

On June 25, 2022, a spokesperson for a threat group called DAIXIN Team contacted HIPAA Journal to share information about a ransomware attack and data theft incident at Fitzgibbon Hospital in Marshall, Missouri. DAIXIN Team was previously not known to HIPAA Journal and appears to be a new ransomware group.

Ransomware 139

Ransomware Hospitals HIPAA Health Insurance 139

HIPAA Journal

AUGUST 11, 2022

Between January 1, 2022, and June 30, 2022, 347 healthcare data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) – the same number of data breaches reported in 2H, 2021. million, and the fall continued in 1H, 2022, when 20.2 Ransomware attack.

HIPAA 133

HIPAA Ransomware Electronic Medical Records Compliance 133

HIPAA Journal

MARCH 31, 2025

The deal was closed in June 2022, and Cerner became Oracle Health. It is unclear if ransomware was used, but data was exfiltrated and is being used in extortion attempts against the affected providers. Multiple Hospitals appeared first on The HIPAA Journal. The post Oracle Health Breach Affects Patients of Multiple U.S.

Hospitals 85

Hospitals Ransomware HIPAA 85

HIPAA Journal

FEBRUARY 22, 2022

50 healthcare data breaches of 500 or more records were reported to the HHS’ Office for Civil Rights (OCR) in January 2022. 726 data breaches of 500 or more records were reported to OCR in the 12 months from February 2021 to January 2022, and 42,175,121 records were breached across those 726 incidents. Ransomware attack.

Ransomware 129

Ransomware HIPAA Hospitals Compliance 129

HIPAA Journal

DECEMBER 23, 2022

It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. In addition to the high number of data breaches, 2022 stands out for the sheer number of healthcare records breached, which currently stands at 49.8

HIPAA 106

HIPAA Ransomware Health Insurance Compliance 106

HIPAA Journal

JUNE 21, 2022

May 2022 saw a 25% increase in healthcare data breaches of 500 or more records. 70 data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) in May 2022, which is the highest monthly total this year and well above the 12-month average of 56.75 Ransomware attack.

Ransomware 132

Ransomware HIPAA Compliance 132

HIPAA Journal

FEBRUARY 22, 2023

A lawsuit has been filed against Freehold Township, NJ-based CentraState Healthcare System over its December 2022 ransomware attack, a few days after the health system started sending notification letters to around 617,000 affected patients.

Ransomware 117

Ransomware Fraud Health Insurance HIPAA 117

HIPAA Journal

MARCH 22, 2022

From March 1, 2021, to February 28, 2022, there have been 723 reported data breaches of 500 or more records. Largest Healthcare Data Breaches Reported in February 2022. 22 HIPAA-regulated entities reported breaches of 10,000 or more healthcare records in February. Ransomware attack. Ransomware attack.

US Department of Health and Human Services 134

US Department of Health and Human Services HIPAA Ransomware Compliance 134

HIPAA Journal

JULY 29, 2022

SonicWall has released a mid-year update to its 2022 Cyber Threat Report , which highlights the global cyberattack trends in H1 2022. million global sensors in 215 countries and shows a global fall in ransomware attacks, with notable increases in malware attacks for the first time in 3 years. Ransomware.

Ransomware 145

Ransomware Governance HIPAA 145

HIPAA Journal

JUNE 6, 2022

Ransomware attacks on healthcare organizations increased by 94% year over year, according to the 2022 State of Ransomware Report from cybersecurity firm Sophos. This year’s report focused on the rapidly evolving relationship between ransomware and cyber insurance in healthcare.

Ransomware 145

Ransomware HIPAA 145

HIPAA Journal

MAY 25, 2022

The break-in was discovered on March 4, 2022, with the subsequent investigation confirming on April 22, 2022, that six boxes of paper documents had been stolen from the facility, which included files relating to patients served by SAC Health in 1997 and between 2006 and 2020. Lifespan Services Suffers Ransomware Attack.

Ransomware 137

Ransomware Fraud HIPAA Licensing 137

HIPAA Journal

NOVEMBER 23, 2022

As of November 23, 2022, there is no notification on the hospital’s website so details of the nature of the attack have yet to be made public by Doctors’ Center Hospital, with all current indicators suggesting this was a recent attack, and one which the hospital is likely still attempting to recover from.

Ransomware 140

Ransomware Hospitals Doctors HIPAA 140

HIPAA Journal

JULY 20, 2022

June 2022 saw 70 healthcare data breaches of 500 or more records reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) – two fewer than May and one fewer than June 2021. That is the highest monthly total so far in 2022. Largest Healthcare Data Breaches Reported in June 2022. Ransomware attack.

Electronic Medical Records 114

Electronic Medical Records Ransomware HIPAA Hospitals 114

HIPAA Journal

MARCH 1, 2022

Ransomware attacks have recently been reported by four healthcare providers across the country, which have collectively resulted in the exposure and potential theft of the protected health information of more than 49,000 individuals. The post Four Healthcare Providers Hit with Ransomware Attacks appeared first on HIPAA Journal.

Ransomware 145

Ransomware Licensing HIPAA Health Insurance 145

HIPAA Journal

AUGUST 29, 2022

According to EmergeOrtho’s substitute breach notice, a sophisticated ransomware attack was detected and blocked on May 18, 2022. General Health System Notifies Patients About Ransomware Attack and Data Theft. The cyberattack was detected on June 28, 2022.

Ransomware 130

Ransomware HIPAA 130

HIPAA Journal

AUGUST 3, 2022

The health insurer Aetna ACE is one of the latest healthcare organizations to announce it has been affected by a ransomware attack on a mailing vendor, which involved the protected health information of 326,278 plan members. The ransomware attack affected OneTouchPoint, which provides printing and mailing services for U.S.

Ransomware 143

Ransomware HIPAA Health Insurance 143

HIPAA Journal

FEBRUARY 18, 2022

CrowdStrike has released its annual threat report which shows there was a major increase in data leaks following ransomware attacks in 2021, rising 82% from 2020. CrowdStrike observed 2,686 ransomware attacks in 2021 compared to 1,474 in 2020. There were more than 50 ransomware attacks a week in 2021.

Ransomware 145

Ransomware HIPAA 145

HIPAA Journal

JUNE 13, 2022

Yuma Regional Medical Center (YRMC) in Arizona has announced it was the victim of a ransomware attack in April in which the attackers obtained the protected health information of approximately 700,000 current and former patients. Ransomware attacks often result in the exposure of stolen data if the ransom is not paid.

Ransomware 135

Ransomware Electronic Medical Records HIPAA Health Insurance 135

HIPAA Journal

JULY 4, 2022

According to the company’s substitute breach notice, a sophisticated ransomware attack was detected and blocked on February 26, 2022; however, not in time to prevent some of its computer systems from being disabled. The investigation uncovered no evidence of misuse of patient data, but data theft and misuse could not be ruled out.

Ransomware 138

Ransomware HIPAA Health Insurance Governance 138

HIPAA Journal

APRIL 19, 2022

In March 2022, 43 healthcare data breaches of 500 or more records were reported to the U.S. Largest Healthcare Data Breaches in March 2022. In March 2022, there were 25 data breaches reported to OCR that affected 10,000 or more individuals, all but one of which were hacking incidents. Ransomware attack (Conti).

Ransomware 128

Ransomware HIPAA Hospitals Compliance 128

HIPAA Journal

MARCH 10, 2023

Codman Square Health Center in Boston, MA, has confirmed that it was the victim of a ransomware attack in November 2022 in which hackers gained access to the protected health information of 10,161 current and former patients. The post Ransomware Attack Announced by Codman Square Health Center appeared first on HIPAA Journal.

Ransomware 131

Ransomware HIPAA 131

HIPAA Journal

DECEMBER 13, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has released analyses of two ransomware variants that are being used in attacks on the healthcare sector: LockBit 3.0 LockBit ransomware was first detected in September 2019 when it was known as ABCD ransomware. and has code similar to DarkSide and BlackMatter ransomware.

Ransomware 138

Ransomware HIPAA 138

HIPAA Journal

NOVEMBER 22, 2022

The first half of the year was looking like 2022 would see a reduction in healthcare data breaches; however, that is looking increasingly unlikely. 594 data breaches were reported between January 1 and October 31, and with an average of 60 data breaches being reported each month, 2022 looks set to end with a similarly high number.

Ransomware 133

Ransomware HIPAA Hospitals Health Insurance 133

HIPAA Journal

MAY 10, 2022

The tactics, techniques, and procedures (TTPs) used by ransomware and other cyber threat actors are constantly evolving to evade detection and allow the groups to conduct more successful attacks. HC3 has not observed any change in the numbers of IABs working with ransomware gangs in Q1, 2022, with similar numbers observed as throughout 2022.

Ransomware 128

Ransomware COVID-19 HIPAA Public Health 128

HIPAA Journal

JANUARY 10, 2023

The latest data released by the cybersecurity firm Check Point has confirmed that 2022 was a particularly bad year for cyberattacks, which increased globally by 38% year-over-year fuelled by a sizeable increase in attacks on healthcare organizations. 2022 also saw two major milestones reached. million-record breach at Anthem Inc.

Ransomware 124

Ransomware HIPAA Hospitals Governance 124

HIPAA Journal

MARCH 30, 2022

have confirmed they were recent victims of cyberattacks, both of which involved the use of ransomware. Ransomware Attack Affects 85,282 Law Enforcement Health Benefits Members. LEHB) has recently announced that it was the victim of a ransomware attack that was detected on September 14, 2021. Law Enforcement Health Benefits, Inc.

Ransomware 142

Ransomware Electronic Medical Records HIPAA Licensing 142

HIPAA Journal

MAY 5, 2022

The average ransom payment in ransomware attacks fell by 34% in Q1, 2022, from an all-time high in Q4, 2021, according to ransomware incident response firm Coveware. The average ransom payment in Q1, 2022 was $211,259 and the median ransom payment was $73,906.

Ransomware 133

Ransomware HIPAA 133

HIPAA Journal

MARCH 24, 2023

Ransomware activity increased in February according to the latest GRIT Ransomware Report from GuidePoint Security. increase in attacks compared to February 2022. There was a 21% decrease in Royal ransomware victims compared to January, but a massive 400% increase in BianLian victims. The LockBit 3.0

Ransomware 131

Ransomware Public Health HIPAA 131

HIPAA Journal

DECEMBER 9, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health (HPH) sector about Royal ransomware attacks. Royal ransomware is a new ransomware threat that was first observed being used in attacks in September 2022. Both will prevent files from being opened.

Ransomware 132

Ransomware Public Health HIPAA 132

HIPAA Journal

MAY 25, 2023

CommonSpirit Health has provided an updated estimate on the cost of its October 2022 ransomware attack, which is expected to increase to $160 million. The ransomware attack was detected by CommonSpirit Health on October 2, 2022, forcing systems to be taken offline. The lawsuit was filed in December 2022 in the U.S.

Ransomware 126

Ransomware HIPAA Hospitals 126

HIPAA Journal

AUGUST 17, 2022

According to the breach notification sent to the California Attorney General, Practice Resources was the victim of a ransomware attack on April 12, 2022. On June 14, 2022, Valley Baptist determined that an unauthorized third party had gained access to a computer system.

Ransomware 143

Ransomware HIPAA Hospitals Health Insurance 143

HIPAA Journal

DECEMBER 5, 2022

The Cuba ransomware group has increased attacks in the United States, with attacks doubling since December 2021, and ransom payments are also on the rise. According to CISA and the FBI, there are similarities between the infrastructure used by the Cuba ransomware operation and the RomCom RAT and Industrial Spy ransomware actors.

Ransomware 130

Ransomware Public Health HIPAA Governance 130

HIPAA Journal

DECEMBER 8, 2022

The New York ambulance service, Empress EMS, is facing multiple class action lawsuits over a ransomware attack that was detected on July 14, 2022. The Hive ransomware group was behind the attack, and as per the group’s modus operandi , after gaining access to the network, sensitive files were stolen, then files were encrypted.

Ransomware 117

Ransomware HIPAA Fraud 117

HIPAA Journal

OCTOBER 21, 2022

So far in 2022, 31,705,618 patient records have been exposed or impermissibly disclosed. 30 data breaches of 10,000 or more patient records were reported to the HHS’ Office for Civil Rights in September 2022, all but one of which were hacking/IT incidents. Ransomware attack. Ransomware attack. Ransomware attack.

Ransomware 120

Ransomware HIPAA Compliance Hospitals 120

HIPAA Journal

AUGUST 15, 2022

Multiple ransomware groups have adopted the BazarCall callback phishing technique to gain initial access to victims’ networks, including threat actors that have targeted the healthcare sector. BazarCall was first utilized by the Ryuk ransomware operation in 2020/2021.

Ransomware 145

Ransomware HIPAA 145

HIPAA Journal

MARCH 15, 2023

Cybersecurity and Infrastructure Agency (CISA) has launched a new pilot program in response to the increase in ransomware attacks on critical infrastructure entities. The program is focused on identifying vulnerabilities in Internet-facing systems that are known to have been exploited by ransomware gangs in previous attacks.

Ransomware 120

Ransomware Governance HIPAA Hospitals 120