2023, Health Insurance and Ransomware - Health Care Compliance Brief

Patient Data Stolen from Livanova in October 2023 Ransomware Attack

HIPAA Journal

APRIL 30, 2024

The medical device manufacturer Livanova, the Massachusetts community behavioral health center Aspire Health Alliance, and Santa Rosa Behavioral Healthcare Hospital in California have experienced ransomware attacks that exposed patient data. The LockBit ransomware group claimed responsibility for the attack.

Ransomware

Ransomware Licensing Health Insurance HIPAA

Atlantic General Hospital Increases Ransomware Victim Count to Almost 140,000 Individuals

HIPAA Journal

JUNE 27, 2023

In March 2023, Atlantic General Hospital notified the Maine Attorney General that it had fallen victim to a ransomware attack in which the protected health information of 30,704 individuals was exposed; however, the ransomware attack was far more extensive than was previously thought and the total has been upwardly revised to 136,981 individuals.

Ransomware

Ransomware Hospitals Health Insurance HIPAA

November 8, 2023, Healthcare Data Breach Round-Up

HIPAA Journal

NOVEMBER 8, 2023

Mulkay Cardiology Consultants at Holy Name Medical Center has recently confirmed that it fell victim to a ransomware attack. The attack was detected on September 5, 2023, when files on its network were encrypted. According to the breach notice, Mulkay was able to rebuild its systems and recover the encrypted files from backups.

Ransomware

Ransomware Licensing Health Insurance HIPAA

Critical Condition: The Increasing Frequency of Ransomware Attacks in Healthcare

Healthcare IT Today

NOVEMBER 22, 2024

According to a report from the Office of the Director of National Intelligence, ransomware attacks on healthcare organizations doubled between 2022 and 2023 , making the healthcare sector one of the fastest-growing targets for cybercriminals. Then malicious actors can either subscribe to use the ransomware or purchase access outright.

Ransomware

Ransomware Hospitals COVID-19 Compliance

CentraState Medical Center Facing Class Action Lawsuit Over December 2022 Ransomware Attack

HIPAA Journal

FEBRUARY 22, 2023

A lawsuit has been filed against Freehold Township, NJ-based CentraState Healthcare System over its December 2022 ransomware attack, a few days after the health system started sending notification letters to around 617,000 affected patients.

Ransomware

Ransomware Fraud Health Insurance HIPAA

Kisco Senior Living & Island Ambulatory Surgery Center Disclose Summer 2023 Cyberattacks

HIPAA Journal

APRIL 23, 2024

Notification letters have been sent to more than 34,500 individuals about ransomware attacks that occurred more than 9 months ago. Kisco Senior Living experienced its attack in June 2023, and Island Ambulatory Surgery Center suffered an attack in July. Notification letters were mailed to the affected individuals on April 5, 2024.

Ransomware

Ransomware Fraud Licensing HIPAA

Healthcare Security and Risk – 2023 Health IT Predictions

Healthcare IT Today

JANUARY 2, 2023

As we head into 2023, we wanted to kick off the new year with a series of 2023 Health IT predictions. We are going to see an increased demand for privacy-preserving technology in 2023, and therefore more investment in the space. during 2023. Check out our community’s healthcare Security and Risk predictions.

Ransomware

Ransomware Fraud Compliance Telemedicine

Penalizing Hospitals Won’t Stop Ransomware: Why Collaboration, Not Fines, is Key to Healthcare Cybersecurity

HIT Consultant

AUGUST 29, 2024

Chris Bowen, Founder and CISO, ClearDATA The recent $50 million initiative announced by the Advanced Research Projects Agency for Health (ARPA-H) can’t hurt in the ongoing battle against ransomware in the healthcare sector.

Ransomware

Ransomware Hospitals Compliance Health Insurance

Ransomware Attack Triggers Multiple Lawsuits Against Harvard Pilgrim Healthcare & Point32Health

HIPAA Journal

JUNE 13, 2023

Harvard Pilgrim Health Care and its parent company, Point32Health, are facing multiple class action lawsuits after hackers gained access to the protected health information (PHI) of more than 2.5 million individuals in an April 2023 ransomware attack. Harvard Pilgrim Health Care Inc. million customers.

Ransomware

Ransomware Fraud Health Insurance HIPAA

Major Massachusetts Health Insurer Suffers Ransomware Attack

HIPAA Journal

APRIL 21, 2023

Point32 Health, the second-largest health insurer in the state of Massachusetts, has announced it has experienced a ransomware attack that has resulted in system outages, including systems that are used to service its members, accounts, brokers, and providers.

Health Insurance

Health Insurance Ransomware HIPAA Medicare

May 2023 Healthcare Data Breach Report

HIPAA Journal

JUNE 20, 2023

May 2023 was a particularly bad month for healthcare data breaches. More healthcare records have been breached in the first 5 months of 2023 (36,437,539 records) than in all of 2020 (29,298,012 records). The Money Message ransomware group exfiltrated 4.7 This was also a ransomware attack with data theft confirmed.

Ransomware

Ransomware HIPAA Compliance Health Insurance

Maternal & Family Health Services Sued Over Ransomware Attack and Data Breach

HIPAA Journal

MARCH 10, 2023

A lawsuit has been filed against Maternal & Family Health Services (MFHS) in Pennsylvania which alleges the healthcare provider failed to protect patient data and did not send timely breach notifications. According to the notifications, unauthorized individuals gained access to its network and used ransomware to encrypt files.

Ransomware

Ransomware HIPAA Licensing Health Insurance

LockBit Ransomware Group Threatens to Publish Stolen Cancer Patient Data

HIPAA Journal

AUGUST 8, 2023

The LockBit ransomware group has added Varian Medical Systems to its data leak site and has threatened to publish the data of cancer patients if the ransom is not paid. AAA said it was informed by PAB on May 11, 2023, that the data of some of its patients had potentially been compromised.

Ransomware

Ransomware Licensing HIPAA Health Insurance

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates

HIPAA Journal

APRIL 8, 2024

The Medusa ransomware group has leaked data stolen from American Renal Associates. Moffitt Cancer Center has been affected by a cyberattack on a vendor, and Family Health Center in Michigan and Zuckerberg San Francisco General Hospital have reported the exposure of patient data.

Ransomware

Ransomware Health Insurance Licensing HIPAA

Point32Health Confirms Harvard Pilgrim Health Care Member Data Stolen in Ransomware Attack

HIPAA Journal

MAY 25, 2023

In April 2023, Point32Health, the second-largest health insurer in Massachusetts and the parent company of Tufts Health Plan and Harvard Pilgrim Health Care, announced it suffered a ransomware attack that resulted in system outages, including the systems that serviced members, accounts, brokers, and providers.

Ransomware

Ransomware Health Insurance Fraud HIPAA

Multiple Lawsuits Filed Against Regal Medical Group Over 3.3 Million-Record Ransomware Attack

HIPAA Journal

FEBRUARY 23, 2023

Several class action lawsuits have been filed against Regal Medical Group and affiliated healthcare providers following the February 1, 2023, announcement that the protected health information (PHI) of up to 3,300,638 individuals had potentially been stolen in a December 2022 ransomware attack. ADOC Acquisition Co.,

Ransomware

Ransomware HIPAA Health Insurance Doctors

Naked Patient Photos Published After Ransomware Attack on Plastic Surgery Clinic

HIPAA Journal

JULY 17, 2023

The notification was received on May 9, 2023, and a third-party incident response firm was engaged to investigate and determine the validity of the threat actor’s claims. The post Naked Patient Photos Published After Ransomware Attack on Plastic Surgery Clinic appeared first on HIPAA Journal. Gary Motykie were also published online.

Ransomware

Ransomware HIPAA Licensing Health Insurance

Harvard Pilgrim Health Care Increases Ransomware Victim Count to 2.86 Million

HIPAA Journal

MARCH 29, 2024

In February, Harvard Pilgrim Health Care revised the total number of individuals affected by an April 2023 ransomware attack, increasing the total by more than 81,000 to 2,632,275 individuals. Harvard Pilgrim Health Care said it is offering complimentary credit monitoring and identity protection services through IDX.

Ransomware

Ransomware HIPAA Health Insurance

Ransomware Attacks Announced by Maternal & Family Health Services and Retreat Behavioral Health

HIPAA Journal

JANUARY 9, 2023

Maternal & Family Health Services in Eastern Pennsylvania has recently notified certain patients about an April 4, 2022, ransomware attack in which sensitive patient data was exposed. Notifications were sent to affected individuals on January 3, 2023. Retreat Behavioral Health Ransomware Attack Affects Up to 23,620 Patients.

Ransomware

Ransomware HIPAA Licensing Health Insurance

Rethinking culture in healthcare cybersecurity strategy

Healthcare It News

JULY 31, 2023

At the HIMSS 2023 Healthcare Cybersecurity Forum , scheduled for September 7 and 8 in Boston, Liederman will highlight his experiences implementing systems and procedures that foster a culture of privacy and security.

Ransomware

Ransomware Health Insurance HIPAA Governance

UnitedHealth Group Confirms Data Stolen in Change Healthcare Ransomware Attack

HIPAA Journal

MARCH 29, 2024

It has been more than 5 weeks since Change Healthcare suffered a Blackcat ransomware attack. Department of State Offers $10 Million Reward for Information on ALPHV/Blackcat Ransomware Group The U.S. While around 20 services have now resumed, more than 100 are still offline.

Ransomware

Ransomware US Department of Health and Human Services HIPAA Hospitals

Lehigh Valley Health Network and MKS Instruments Recovering from Ransomware Attacks

HIPAA Journal

FEBRUARY 21, 2023

Lehigh Valley Health Network (LVHN) in Pennsylvania has confirmed that it is dealing with a ransomware attack that was detected on February 6, 2023. An announcement was made on Monday confirming the Russian-speaking ransomware gang, BlackCat, was behind the attack and demanded a ransom, but no payment was made.

Ransomware

Ransomware HIPAA Health Insurance Governance

Feds Launches Investigation of Change Healthcare Cybersecurity Attack

HIT Consultant

MARCH 13, 2024

Investigation Focuses on HIPAA Compliance The OCR enforces the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules. These rules establish minimum standards for protecting patient privacy, securing electronic health information, and notifying individuals in case of a data breach.

Ransomware

Ransomware HIPAA Compliance Health Insurance

Ransomware Gangs Claim Three Healthcare Victims

HIPAA Journal

MAY 26, 2023

That appears to be the case with two recent cyberattacks, neither of which mention ransomware or confirm that data theft occurred. AENT said it was able to determine that “an unauthorized actor may have had access to certain systems that stored personal and protected health information,” between March 23, 2023, and April 4, 2023.

Ransomware

Ransomware Health Insurance HIPAA Licensing

CommonSpirit Health Issues Update Confirming 164 Facilities Affected by Ransomware Attack

HIPAA Journal

APRIL 10, 2023

CommonSpirit Health has issued an update about its October 2022 ransomware attack and has confirmed that patients from 164 facilities were affected by the attack and had their sensitive data exposed or stolen. Those individuals were notified about the data breach in December.

Ransomware

Ransomware Hospitals Nurses HIPAA

Texas Retina Associates Cyberattack Affects 312,000 Patients

HIPAA Journal

JULY 3, 2024

has confirmed that patient data has been compromised in a cyberattack, and the Monti ransomware group has claimed responsibility for a cyberattack on Wayne Memorial Hospital. They confirmed that an unauthorized actor gained access to its network on October 8, 2023, and maintained access until the breach was detected.

Ransomware

Ransomware Health Insurance Hospitals HIPAA

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

HIPAA Journal

MARCH 29, 2023

Atlantic General Hospital – Ransomware Attack Atlantic General Hospital (AGH) in Berlin, MD, has recently reported a ransomware attack to the Maine Attorney General that has affected up to 30,704 individuals. The attack was detected on January 29, 2023, when files were discovered to have been encrypted.

Hospitals

Hospitals Ransomware Licensing Health Insurance

Regal Medical Group Ransomware Attack & Southeast Colorado Hospital District Email Breach

HIPAA Journal

FEBRUARY 7, 2023

Regal Medical Group, a San Bernardino, CA-based affiliate of the Heritage Provider Network, recently announced that it was attacked with ransomware. The forensic investigation confirmed that the attackers gained access to the servers on or around December 1 and exfiltrated files before the ransomware was deployed.

Ransomware

Ransomware Hospitals Licensing HIPAA

Johns Hopkins Investigating Cyberattack and Data Breach

HIPAA Journal

JUNE 15, 2023

Johns Hopkins University and Johns Hopkins Health System are investigating a May 31, 2023, cyberattack and data breach that targeted a widely used software tool. The security breach was discovered on April 4, 2023, and unauthorized access was immediately blocked. Notifies 24,400 Individuals About Data Breach iSpace, Inc.,

Ransomware

Ransomware Health Insurance Fraud HIPAA

Cyberattacks Reported by Bienville Orthopaedic Specialists and Just Kids Dental

HIPAA Journal

SEPTEMBER 8, 2023

A security breach was detected on March 5, 2023, and systems were immediately taken offline to prevent further unauthorized access. A forensic investigation was initiated to determine the nature and scope of the attack, which confirmed there had been unauthorized access to its systems between February 3, 2023, and March 5, 2023.

Licensing

Licensing Ransomware Health Insurance HIPAA

Healthcare Data Potentially Compromised in 5 Hacking Incidents

HIPAA Journal

MAY 2, 2023

NYSARC Columbia County Chapter Notifies Individuals About July 2022 Ransomware Attack NYSARC Columbia County Chapter (COARC) has started notifying certain individuals that some of their protected health information has potentially been obtained by unauthorized individuals in a July 2022 ransomware attack.

Ransomware

Ransomware Licensing Health Insurance HIPAA

Associates in Dermatology Patients Affected by Business Associate Ransomware Attack

HIPAA Journal

MARCH 23, 2023

Associates in Dermatology, a network of dermatology clinics in Indiana, Kentucky, and New York, has started notifying patients that some of their protected health information has been exposed in a ransomware attack on one of its business associates.

Ransomware

Ransomware Electronic Medical Records Records Management HIPAA

Data Breaches Reported by University Urology and McPherson Hospital

HIPAA Journal

MAY 10, 2023

Suspicious activity was detected within its computer systems on February 1, 2023, and third-party cybersecurity experts were engaged to conduct a forensic analysis of the incident to determine the nature and scope of the attack. The investigation concluded on March 3, 2023, that files within its network were accessed.

Hospitals

Hospitals Ransomware Health Insurance Fraud

Forefront Dermatology Proposes $3.75 Million Settlement to Resolve Ransomware Lawsuit

HIPAA Journal

NOVEMBER 21, 2022

The Wisconsin-based dermatology practice, Forefront Dermatology, has agreed to settle a class action lawsuit filed on behalf of patients whose protected health information (PHI) was compromised in a ransomware attack in late May 2021. The final approval hearing has been scheduled for March 1, 2023.

Ransomware

Ransomware Fraud HIPAA Licensing

San Andreas Regional Center Agrees to Settle 2021 Ransomware Attack Lawsuit

HIPAA Journal

JANUARY 31, 2023

San Andreas Regional Center – was filed in the Superior Court of California in response to the breach alleging the healthcare provider was negligent for failing to implement reasonable cybersecurity measures to protect against ransomware attacks, despite being aware of the high risk of attacks on the healthcare sector.

Ransomware

Ransomware Fraud Health Insurance HIPAA

Almost 6 Million Individuals Affected by PharMerica Data Breach

HIPAA Journal

MAY 17, 2023

In April 2023, the Money Message ransomware group announced it had breached the systems of PharMerica and its parent company, BrightSpring Health Services, and added both to its data leak site. That makes it the largest healthcare data breach to be reported by a single HIPAA-covered entity so far in 2023.

Ransomware

Ransomware HIPAA Fraud Health Insurance

Electromed Proposes $825,000 Class Action Data Breach Settlement

HIPAA Journal

FEBRUARY 15, 2023

The medical device manufacturer Electromed has proposed a $850,000 settlement to resolve claims related to a June 2021 ransomware attack and data breach involving the protected health information of 47,200 individuals. The deadline for objection to and exclusion from the settlement is March 2, 2023.

Ransomware

Ransomware Fraud Licensing Health Insurance

Idaho Hospitals Divert Ambulances and Clinic Temporarily Closes Due to Cyberattack

HIPAA Journal

JUNE 1, 2023

Details about the nature of the attack, such as if ransomware was used, have not been released at this stage, and it is too early to tell the extent to which patient information was involved. The security breach was detected on March 23, 2023, when files were discovered to have been encrypted, preventing access.

Hospitals

Hospitals Electronic Medical Records Ransomware Health Insurance

Azura Vascular Care Reports Data Breach Affecting 348,000 Patients

HIPAA Journal

FEBRUARY 8, 2024

Azura Vascular Care, a Pennsylvania-based operator of 70 outpatient vascular centers and ambulatory surgery centers in 25 states and Puerto Rico, notified the HHS’ Office for Civil Rights last month about a cybersecurity incident involving the protected health information of 348,000 patients. The incident was detected on November 9, 2023.

Ransomware

Ransomware Electronic Medical Records Licensing Health Insurance

IL, KY, and TN Healthcare Orgs Recovering from Recent Cyberattacks

HIPAA Journal

MAY 30, 2023

Morris Hospital & Healthcare Centers Investigating Royal Ransomware Attack Morris Hospital & Healthcare Centers in Illinois has launched an investigation into a cyberattack that the Royal ransomware group has claimed responsibility for. Norton did not state whether ransomware was used in the attack.

Ransomware

Ransomware Electronic Medical Records Health Insurance Hospitals

Sturdy Memorial Hospital & North Shore Pain Management Settle Data Breach Lawsuits

HIPAA Journal

DECEMBER 13, 2022

Two healthcare organizations in Massachusetts have chosen to settle class action lawsuits that were filed by patients whose protected health information was stolen in cyberattacks. Class members have until January 14, 2023, to exclude themselves from or object to the settlement. Claims must be submitted by February 14, 2023.

Hospitals

Hospitals Ransomware HIPAA Health Insurance

Patient Data Likely Lost Due to Cyberattack on Mercy Medical Center – Clinton

HIPAA Journal

JUNE 8, 2023

The security breach was detected on April 4, 2023, and the forensic investigation confirmed its network had been accessed by an unauthorized third party between March 7, 2023, and April 4, 2023. According to the May 22, 2023, breach notice, the incidents occurred in 2021.

Ransomware

Ransomware HIPAA Licensing Health Insurance

Website Tracking Technology Breach Affects 54,000 New York Presbyterian Hospital Patients

HIPAA Journal

MARCH 31, 2023

New York Presbyterian Hospital has reported a 54K-record data breach due to website tracking tools, ransomware attacks have been reported by Atlantic Dialysis Management Services and American Pain & Wellness, and there has been an impermissible disclosure of PHI by a former New Medical Health Care employee.

Hospitals

Hospitals Ransomware HIPAA Health Insurance

ILS Data Breach Affects Almost 21K Iowan Medicaid Recipients

HIPAA Journal

APRIL 14, 2023

While ILS discovered the breach in July 2022, it took until February 14, 2023, for Telligen to be notified about the breach. Telligen notified the Iowa DHSS three days later on February 17, 2023. Notifications were mailed to affected individuals on April 10, 2023. Ransomware was not used in the attack, but files were stolen.

Medicaid

Medicaid Medicaid Ransomware HIPAA

Patient Data Stolen from Livanova in October 2023 Ransomware Attack

Atlantic General Hospital Increases Ransomware Victim Count to Almost 140,000 Individuals

Trending Sources

November 8, 2023, Healthcare Data Breach Round-Up

Critical Condition: The Increasing Frequency of Ransomware Attacks in Healthcare

CentraState Medical Center Facing Class Action Lawsuit Over December 2022 Ransomware Attack

Kisco Senior Living & Island Ambulatory Surgery Center Disclose Summer 2023 Cyberattacks

Healthcare Security and Risk – 2023 Health IT Predictions

Penalizing Hospitals Won’t Stop Ransomware: Why Collaboration, Not Fines, is Key to Healthcare Cybersecurity

Ransomware Attack Triggers Multiple Lawsuits Against Harvard Pilgrim Healthcare & Point32Health

Major Massachusetts Health Insurer Suffers Ransomware Attack

May 2023 Healthcare Data Breach Report

Maternal & Family Health Services Sued Over Ransomware Attack and Data Breach

LockBit Ransomware Group Threatens to Publish Stolen Cancer Patient Data

Medusa Ransomware Group Leaks Data Stolen from American Renal Associates

Point32Health Confirms Harvard Pilgrim Health Care Member Data Stolen in Ransomware Attack

Multiple Lawsuits Filed Against Regal Medical Group Over 3.3 Million-Record Ransomware Attack

Naked Patient Photos Published After Ransomware Attack on Plastic Surgery Clinic

Harvard Pilgrim Health Care Increases Ransomware Victim Count to 2.86 Million

Ransomware Attacks Announced by Maternal & Family Health Services and Retreat Behavioral Health

Rethinking culture in healthcare cybersecurity strategy

UnitedHealth Group Confirms Data Stolen in Change Healthcare Ransomware Attack

Lehigh Valley Health Network and MKS Instruments Recovering from Ransomware Attacks

Feds Launches Investigation of Change Healthcare Cybersecurity Attack

Ransomware Gangs Claim Three Healthcare Victims

CommonSpirit Health Issues Update Confirming 164 Facilities Affected by Ransomware Attack

Texas Retina Associates Cyberattack Affects 312,000 Patients

Hacking Incidents Reported by Atlantic General and Lawrence General Hospitals

Regal Medical Group Ransomware Attack & Southeast Colorado Hospital District Email Breach

Johns Hopkins Investigating Cyberattack and Data Breach

Cyberattacks Reported by Bienville Orthopaedic Specialists and Just Kids Dental

Healthcare Data Potentially Compromised in 5 Hacking Incidents

Associates in Dermatology Patients Affected by Business Associate Ransomware Attack

Data Breaches Reported by University Urology and McPherson Hospital

Forefront Dermatology Proposes $3.75 Million Settlement to Resolve Ransomware Lawsuit

San Andreas Regional Center Agrees to Settle 2021 Ransomware Attack Lawsuit

Almost 6 Million Individuals Affected by PharMerica Data Breach

Electromed Proposes $825,000 Class Action Data Breach Settlement

Idaho Hospitals Divert Ambulances and Clinic Temporarily Closes Due to Cyberattack

Azura Vascular Care Reports Data Breach Affecting 348,000 Patients

IL, KY, and TN Healthcare Orgs Recovering from Recent Cyberattacks

Sturdy Memorial Hospital & North Shore Pain Management Settle Data Breach Lawsuits

Patient Data Likely Lost Due to Cyberattack on Mercy Medical Center – Clinton

Website Tracking Technology Breach Affects 54,000 New York Presbyterian Hospital Patients

ILS Data Breach Affects Almost 21K Iowan Medicaid Recipients

Stay Connected