HIPAA Journal

APRIL 22, 2024

At this stage, Octapharma has yet to provide any further details about the attack, such as whether ransomware was used to encrypt files, and said further information will be released as the investigation progresses. BlackSuit is a relatively new ransomware operation that was discovered in May 2023.

Ransomware 114

Ransomware Public Health HIPAA Governance 114

HIPAA Journal

MAY 2, 2024

Ransomware groups target the healthcare sector because a successful attack gives them access to large amounts of sensitive data that can be easily monetized and used as leverage to get a ransom paid. According to Recorded Future, there were 358 ransomware attacks on healthcare organizations in 2023, a year-on-year increase of 46%.

Ransomware 99

Ransomware HIPAA Governance 99

HIPAA Journal

FEBRUARY 8, 2024

A new report from Chainalysis has revealed victims of ransomware attacks paid hackers $1.1 billion in 2023 to obtain the keys to unlock their data and to prevent the release of information stolen in the attacks. The researchers believe this anomaly is linked to the Russia-Ukraine war.

Ransomware 95

Ransomware HIPAA Governance Hospitals 95

HIPAA Journal

APRIL 22, 2024

According to the Q1, 2024 ransomware report from the ransomware remediation firm Coveware, ransom payments have fallen to a record low with only 28% of victims opting to pay the ransom to recover files and/or prevent the exposure of stolen data.

Ransomware 104

Ransomware HIPAA 104

HIPAA Journal

JUNE 20, 2023

May 2023 was a particularly bad month for healthcare data breaches. More healthcare records have been breached in the first 5 months of 2023 (36,437,539 records) than in all of 2020 (29,298,012 records). The Money Message ransomware group exfiltrated 4.7 This was also a ransomware attack with data theft confirmed.

Ransomware 103

Ransomware HIPAA Compliance Health Insurance 103

Compliancy Group

JANUARY 8, 2024

HIPAA fines are issued for various reasons and are usually the result of a settlement to end an Office for Civil Rights (OCR) investigation. In 2023, OCR settled thirteen cases with healthcare organizations for potential HIPAA violations. Life Hope Labs did not provide access until February 2022.

HIPAA 52

HIPAA Ransomware COVID-19 Doctors 52

HIPAA Journal

MAY 1, 2023

The Health Sector Cybersecurity and Coordination Center (HC3) has issued a fresh ransomware warning to the healthcare and public health (HPH) sector following a spate of attacks on the HPH sector in April by the Clop and LockBit ransomware groups. LockBit ransomware was deployed in some of the attacks. 21.2.11, and 22.0.9

Ransomware 116

Ransomware Public Health HIPAA 116

HIPAA Journal

MARCH 10, 2023

Codman Square Health Center in Boston, MA, has confirmed that it was the victim of a ransomware attack in November 2022 in which hackers gained access to the protected health information of 10,161 current and former patients. On February 2, 2023, a business associate was sent an email that included a list of patients’ dental appointments.

Ransomware 122

Ransomware HIPAA 122

HIPAA Journal

MAY 25, 2023

CommonSpirit Health has provided an updated estimate on the cost of its October 2022 ransomware attack, which is expected to increase to $160 million. The ransomware attack was detected by CommonSpirit Health on October 2, 2022, forcing systems to be taken offline. billion, and $25.6 billion for the 9 months to March 31.

Ransomware 124

Ransomware HIPAA Hospitals 124

HIPAA Journal

MAY 23, 2023

Largest Healthcare Data Breaches Reported in April 2023 As previously mentioned, April saw a major data breach reported that affected 3,037,303 individuals – The third largest breach to be reported by a single HIPAA-covered entity so far this year, and the 19 th largest breach to be reported by a single HIPAA-regulated entity to date.

Ransomware 108

Ransomware HIPAA Medicaid Medicaid 108

HIPAA Journal

NOVEMBER 8, 2023

Mulkay Cardiology Consultants at Holy Name Medical Center has recently confirmed that it fell victim to a ransomware attack. The attack was detected on September 5, 2023, when files on its network were encrypted. According to the breach notice, Mulkay was able to rebuild its systems and recover the encrypted files from backups.

Ransomware 110

Ransomware Licensing Health Insurance HIPAA 110

HIPAA Journal

APRIL 20, 2023

Healthcare Data Breaches Reported in March 2023 In March, 63 breaches of 500 or more records were reported to OCR, which is a 46.51% increase from February, 6.92% more than the 12-month average, and 40% more breaches than in March 2022. Malicious actors continue to use ransomware in their attacks on healthcare organizations.

US Department of Health and Human Services 112

US Department of Health and Human Services Ransomware HIPAA Hospitals 112

HIPAA Journal

JUNE 27, 2023

In March 2023, Atlantic General Hospital notified the Maine Attorney General that it had fallen victim to a ransomware attack in which the protected health information of 30,704 individuals was exposed; however, the ransomware attack was far more extensive than was previously thought and the total has been upwardly revised to 136,981 individuals.

Ransomware 108

Ransomware Hospitals Health Insurance HIPAA 108

HIPAA Journal

NOVEMBER 13, 2023

A zero-day vulnerability in the SysAid IT service management solution is being exploited by the Lace Tempest (aka FIN11, DEV-0950, TA505) threat group to gain access to SysAid servers, steal data, and deploy Clop ransomware. The SysAid vulnerability was identified on November 2, 2023, after it had been exploited.

Ransomware 100

Ransomware HIPAA 100

HIPAA Journal

FEBRUARY 22, 2023

Largest Healthcare Data Breaches in January 2023 In January there were 13 data breaches involving 10,000 or more records, 8 of which involved hacked network servers and email accounts. Healthcare providers were the worst affected HIPAA-covered entity with 31 reported data breaches and 5 data breaches were reported by health plans.

HIPAA 120

HIPAA Ransomware Hospitals Compliance 120

HIPAA Journal

FEBRUARY 8, 2024

In March 2023, CISA launched its Pre-Ransomware Notification Initiative which sees alerts issued if vulnerabilities are detected that are known to be actively exploited by ransomware groups to allow organizations to take action to prevent the vulnerabilities from being exploited.

Ransomware 87

Ransomware HIPAA 87

HIPAA Journal

APRIL 23, 2024

Notification letters have been sent to more than 34,500 individuals about ransomware attacks that occurred more than 9 months ago. Kisco Senior Living experienced its attack in June 2023, and Island Ambulatory Surgery Center suffered an attack in July.

Ransomware 111

Ransomware Fraud Licensing HIPAA 111

HIPAA Journal

DECEMBER 30, 2022

A settlement has been proposed by Scripps Health to resolve a consolidated class action lawsuit – In Re: Scripps Health Data Incident Litigation – to resolve all claims related to its 2021 ransomware attack. The ransomware attack has proven to be incredibly costly for Scripps Health. The post Scripps Health Proposes $3.5M

Ransomware 118

Ransomware HIPAA Licensing Doctors 118

HIPAA Journal

MARCH 29, 2024

In February, Harvard Pilgrim Health Care revised the total number of individuals affected by an April 2023 ransomware attack, increasing the total by more than 81,000 to 2,632,275 individuals. The post Harvard Pilgrim Health Care Increases Ransomware Victim Count to 2.86 Million appeared first on HIPAA Journal.

Ransomware 77

Ransomware HIPAA Health Insurance 77

HIPAA Journal

JULY 20, 2023

In June, HIPAA-regulated entities reported 66 breaches, and while this was an improvement on the 73 breaches reported in June 2022, the month’s total is still well above the 12-month average of 58 data breaches a month. In H1 2023, 41,452,622 healthcare records were exposed or impermissibly disclosed.

HIPAA 97

HIPAA Ransomware Hospitals Compliance 97

HIPAA Journal

AUGUST 7, 2023

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a security alert about a new ransomware group – Rhysida – which is conducting high-impact attacks across multiple industry sectors. The Cobalt Strike attack framework is deployed on compromised systems and used to deliver the ransomware payload.

Ransomware 91

Ransomware Public Health HIPAA Governance 91

HIPAA Journal

APRIL 26, 2023

Ransomware actors continue to target the U.S. These are some of the findings from the latest Global Threat Intelligence Report from Blackberry, which is based on threats detected by its Cylance Endpoint Security solution over 90 days from December 2022 to February 2023. per minute in the most recent reporting period.

Ransomware 118

Ransomware HIPAA Hospitals 118

Compliancy Group

JANUARY 2, 2024

2023 was a banner year for healthcare fines and breaches. The Department of Health and Human Services (HHS) Office for Civil Rights settled thirteen cases with healthcare organizations for potential HIPAA violations. Ransomware and hacking are still the primary cyber threats in healthcare. Fines ranged from $15,000 – $1.3

HIPAA 52

HIPAA Ransomware Compliance Hospitals 52

HIPAA Journal

AUGUST 9, 2023

Ransomware gangs use a variety of methods for initial access to victims’ networks and while phishing is still one of the most common initial access vectors, researchers at the cybersecurity firm Akamai have identified a trend toward zero-day and day-one vulnerabilities for initial access.

Ransomware 87

Ransomware HIPAA 87

Compliancy Group

FEBRUARY 23, 2024

The HHS settlement, resulting from an investigation into a 2019 ransomware attack, requires the behavioral health provider to pay $40,000, implement a corrective action plan, and submit to three years of OCR monitoring. In October 2023, HHS settled its first ransomware investigation with a business associate for $100,000.

Ransomware 52

Ransomware HIPAA Compliance 52

HIPAA Journal

JULY 14, 2023

There has been a sizeable fall in revenues from cryptocurrency-related crimes in the first half of 2023, with scammers seeing a 77% reduction in revenues from the same period in 2022, amassing a little over $1 billion in the first half of the year compared to $3.3 million in payments were made following ransomware attacks.

Ransomware 89

Ransomware Fraud HIPAA 89

HIPAA Journal

MAY 23, 2024

A Texas ophthalmology practice has experienced a ransomware attack that resulted in the encryption of files on its computer systems. The substitute breach notice does not state when the unauthorized access was detected, only that it occurred on or around October 17, 2023.

Ransomware 91

Ransomware Licensing HIPAA 91

HIPAA Journal

SEPTEMBER 13, 2023

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a health and public health (HPH) sector alert about a new ransomware group called Akira, which has been in operation since March 2023. The post Akira Ransomware Group Targeting the Healthcare and Public Health Sector appeared first on HIPAA Journal.

Ransomware 93

Ransomware Public Health HIPAA 93

HIT Consultant

AUGUST 29, 2024

Chris Bowen, Founder and CISO, ClearDATA The recent $50 million initiative announced by the Advanced Research Projects Agency for Health (ARPA-H) can’t hurt in the ongoing battle against ransomware in the healthcare sector. Major organizations like Change Healthcare and Ascension have faced significant disruptions due to these breaches.

Ransomware 110

Ransomware Hospitals Compliance Health Insurance 110

HIPAA Journal

MAY 8, 2023

The cyberattack occurred on April 22, 2023, and the network was rapidly shut down to contain the attack. MMC planned to reopen on a limited basis on May 3, 2023, then restore full operations shortly thereafter; however, the recovery process took longer than planned.

Ransomware 137

Ransomware HIPAA 137

HIPAA Journal

AUGUST 25, 2023

million for the first 6 months of 2023 on $4.8 million difference has largely been attributed to the ransomware attack it detected on April 17, 2023., million difference has largely been attributed to the ransomware attack it detected on April 17, 2023., Point32Health has reported operating losses of $102.7

Ransomware 97

Ransomware HIPAA Medicare Medicare 97

HIPAA Journal

APRIL 5, 2023

Montgomery General Hospital in West Virginia has suffered a cyberattack that saw unauthorized individuals gain access to its IT systems on or around February 28, 2023, and deploy ransomware on or around March 1, 2023. The post Montgomery General Hospital Suffers Ransomware Attack and Data Leak appeared first on HIPAA Journal.

Ransomware 97

Ransomware Hospitals Electronic Medical Records HIPAA 97

HIPAA Journal

MARCH 15, 2023

Cybersecurity and Infrastructure Agency (CISA) has launched a new pilot program in response to the increase in ransomware attacks on critical infrastructure entities. The program is focused on identifying vulnerabilities in Internet-facing systems that are known to have been exploited by ransomware gangs in previous attacks.

Ransomware 98

Ransomware Governance HIPAA Hospitals 98

HIPAA Journal

APRIL 8, 2024

The Medusa ransomware group has leaked data stolen from American Renal Associates. American Renal Associates American Renal Associates (ARA), one of the largest providers of dialysis services in the United States and a provider of care for patients suffering from end-stage renal disease has experienced a Medusa ransomware attack.

Ransomware 78

Ransomware Health Insurance Licensing HIPAA 78

HIPAA Journal

FEBRUARY 9, 2024

The Healthcare and Public Health (HPH) Sector has been warned about cyberattacks involving Akira ransomware , of which there have been at least 81 since the new ransomware variant was discovered in May 2023. Akira is a ransomware-as-a-service (RaaS) operation that is thought to have ties to the Conti ransomware group.

Ransomware 79

Ransomware Public Health HIPAA 79

HIPAA Journal

APRIL 21, 2023

Ransomware attacks increased by 91% in March 2023, according to a new analysis by NCC Group. The massive increase was due to the zero-day vulnerability (CVE-2023-0669) in Fortra’s GoAnywhere MFT file management solution, which was exploited by the Clop ransomware group in 130 attacks on companies over a 10-day period.

Ransomware 103

Ransomware HIPAA 103

HIPAA Journal

MARCH 13, 2023

On December 15, 2023, Revenetics detected a system intrusion and confirmed on December 27, 2022, that the attackers exfiltrated files that included names, dates of birth, clinical information, financial information, procedure and service codes, and healthcare provider and health plan names.

Ransomware 120

Ransomware Fraud HIPAA 120