HIPAA Journal

MAY 1, 2023

The Health Sector Cybersecurity and Coordination Center (HC3) has issued a fresh ransomware warning to the healthcare and public health (HPH) sector following a spate of attacks on the HPH sector in April by the Clop and LockBit ransomware groups. LockBit ransomware was deployed in some of the attacks. 21.2.11, and 22.0.9

Ransomware 115

Ransomware Public Health HIPAA 115

HIPAA Journal

MAY 8, 2023

The cyberattack occurred on April 22, 2023, and the network was rapidly shut down to contain the attack. MMC planned to reopen on a limited basis on May 3, 2023, then restore full operations shortly thereafter; however, the recovery process took longer than planned.

Ransomware 136

Ransomware HIPAA 136

HIPAA Journal

FEBRUARY 22, 2023

Largest Healthcare Data Breaches in January 2023 In January there were 13 data breaches involving 10,000 or more records, 8 of which involved hacked network servers and email accounts. Healthcare providers were the worst affected HIPAA-covered entity with 31 reported data breaches and 5 data breaches were reported by health plans.

HIPAA 119

HIPAA Ransomware Hospitals Compliance 119

HIPAA Journal

JUNE 6, 2023

The eagerly anticipated Verizon 2023 Data Breach Investigations Report ( DBIR ) has been published – An annual report that provides insights into the current threat landscape and data breach trends. of data breaches – a slight increase in ransomware incidents from last year and a slight decrease in ransomware-related data breaches.

Ransomware 96

Ransomware HIPAA 96

HIPAA Journal

DECEMBER 30, 2022

A settlement has been proposed by Scripps Health to resolve a consolidated class action lawsuit – In Re: Scripps Health Data Incident Litigation – to resolve all claims related to its 2021 ransomware attack. The ransomware attack has proven to be incredibly costly for Scripps Health. The post Scripps Health Proposes $3.5M

Ransomware 116

Ransomware HIPAA Licensing Doctors 116

HIPAA Journal

APRIL 20, 2023

Healthcare Data Breaches Reported in March 2023 In March, 63 breaches of 500 or more records were reported to OCR, which is a 46.51% increase from February, 6.92% more than the 12-month average, and 40% more breaches than in March 2022. Malicious actors continue to use ransomware in their attacks on healthcare organizations.

US Department of Health and Human Services 111

US Department of Health and Human Services Ransomware HIPAA Hospitals 111

HIPAA Journal

MAY 23, 2023

Largest Healthcare Data Breaches Reported in April 2023 As previously mentioned, April saw a major data breach reported that affected 3,037,303 individuals – The third largest breach to be reported by a single HIPAA-covered entity so far this year, and the 19 th largest breach to be reported by a single HIPAA-regulated entity to date.

Ransomware 107

Ransomware HIPAA Medicaid Medicaid 107

HIPAA Journal

JUNE 20, 2023

May 2023 was a particularly bad month for healthcare data breaches. More healthcare records have been breached in the first 5 months of 2023 (36,437,539 records) than in all of 2020 (29,298,012 records). The Money Message ransomware group exfiltrated 4.7 This was also a ransomware attack with data theft confirmed.

Ransomware 102

Ransomware HIPAA Compliance Health Insurance 102

HIPAA Journal

FEBRUARY 8, 2024

A new report from Chainalysis has revealed victims of ransomware attacks paid hackers $1.1 billion in 2023 to obtain the keys to unlock their data and to prevent the release of information stolen in the attacks. The researchers believe this anomaly is linked to the Russia-Ukraine war.

Ransomware 94

Ransomware HIPAA Governance Hospitals 94

HIPAA Journal

JUNE 27, 2023

In March 2023, Atlantic General Hospital notified the Maine Attorney General that it had fallen victim to a ransomware attack in which the protected health information of 30,704 individuals was exposed; however, the ransomware attack was far more extensive than was previously thought and the total has been upwardly revised to 136,981 individuals.

Ransomware 106

Ransomware Hospitals Health Insurance HIPAA 106

HIPAA Journal

MAY 2, 2024

Ransomware groups target the healthcare sector because a successful attack gives them access to large amounts of sensitive data that can be easily monetized and used as leverage to get a ransom paid. According to Recorded Future, there were 358 ransomware attacks on healthcare organizations in 2023, a year-on-year increase of 46%.

Ransomware 97

Ransomware HIPAA Governance 97

HIPAA Journal

APRIL 22, 2024

According to the Q1, 2024 ransomware report from the ransomware remediation firm Coveware, ransom payments have fallen to a record low with only 28% of victims opting to pay the ransom to recover files and/or prevent the exposure of stolen data.

Ransomware 102

Ransomware HIPAA 102

HIPAA Journal

MARCH 13, 2023

On December 15, 2023, Revenetics detected a system intrusion and confirmed on December 27, 2022, that the attackers exfiltrated files that included names, dates of birth, clinical information, financial information, procedure and service codes, and healthcare provider and health plan names.

Ransomware 118

Ransomware Fraud HIPAA 118

HIPAA Journal

JANUARY 26, 2023

Emotet commonly drops the IcedID banking Trojan, which in turn often delivers ransomware payloads. The QakBot operators provide initial access to networks for several ransomware operations. Throughout 2022, LockBit was the most commonly used ransomware variant and remained so throughout the 90-day analysis period.

Ransomware 125

Ransomware HIPAA 125

HIPAA Journal

NOVEMBER 8, 2023

Mulkay Cardiology Consultants at Holy Name Medical Center has recently confirmed that it fell victim to a ransomware attack. The attack was detected on September 5, 2023, when files on its network were encrypted. According to the breach notice, Mulkay was able to rebuild its systems and recover the encrypted files from backups.

Ransomware 109

Ransomware Licensing Health Insurance HIPAA 109

HIPAA Journal

MARCH 9, 2023

In what is believed to be a first, the BlackCat ransomware gang has published naked images of patients that were stolen in one of its attacks on a healthcare organization in an attempt to pressure the victim into paying the ransom. BlackCat is not the only ransomware gang to try new tactics to get victims to pay up.

Ransomware 117

Ransomware Public Health HIPAA 117

HIPAA Journal

APRIL 23, 2024

Notification letters have been sent to more than 34,500 individuals about ransomware attacks that occurred more than 9 months ago. Kisco Senior Living experienced its attack in June 2023, and Island Ambulatory Surgery Center suffered an attack in July.

Ransomware 110

Ransomware Fraud Licensing HIPAA 110

Compliancy Group

DECEMBER 20, 2024

In 2024, the Department of Health and Human Services (HHS) Office for Civil Rights announced a series of enforcement actions against entities that violated, or potentially violated, one or more HIPAA rules. This HIPAA 2024 Year in Review article discusses these actions. Monitor and safeguard its health information systems activity.

Ransomware 52

Ransomware HIPAA Fraud Electronic Medical Records 52

HIPAA Journal

FEBRUARY 22, 2023

A lawsuit has been filed against Freehold Township, NJ-based CentraState Healthcare System over its December 2022 ransomware attack, a few days after the health system started sending notification letters to around 617,000 affected patients.

Ransomware 107

Ransomware Fraud Health Insurance HIPAA 107

HIPAA Journal

NOVEMBER 7, 2024

The use of ransomware in cyberattacks decreased slightly in the first half of the year; however, the severity of ransomware attacks increased according to the 2024 Cyber Claims Report: Mid-Year Update from cyber insurance and security service provider Coalition. million and $2.5

Ransomware 89

Ransomware Fraud HIPAA 89

Healthcare IT Today

NOVEMBER 22, 2024

According to a report from the Office of the Director of National Intelligence, ransomware attacks on healthcare organizations doubled between 2022 and 2023 , making the healthcare sector one of the fastest-growing targets for cybercriminals. Then malicious actors can either subscribe to use the ransomware or purchase access outright.

Ransomware 72

Ransomware Hospitals COVID-19 Compliance 72

Healthcare IT Today

MAY 16, 2024

While it’s amazing to consider two breaches and ransomware incidents the size of Change Healthcare and Ascension could happen so closely together, it’s very clear that healthcare is a target and we need to massively increase our investment in security to show we’ve learned from these experiences.

Ransomware 126

Ransomware US Department of Health and Human Services Hospitals Compliance 126

HIPAA Journal

APRIL 21, 2023

Ransomware attacks increased by 91% in March 2023, according to a new analysis by NCC Group. The massive increase was due to the zero-day vulnerability (CVE-2023-0669) in Fortra’s GoAnywhere MFT file management solution, which was exploited by the Clop ransomware group in 130 attacks on companies over a 10-day period.

Ransomware 102

Ransomware HIPAA 102

HIPAA Journal

JULY 20, 2023

In June, HIPAA-regulated entities reported 66 breaches, and while this was an improvement on the 73 breaches reported in June 2022, the month’s total is still well above the 12-month average of 58 data breaches a month. In H1 2023, 41,452,622 healthcare records were exposed or impermissibly disclosed.

HIPAA 96

HIPAA Ransomware Hospitals Compliance 96

HIPAA Journal

MARCH 15, 2023

Cybersecurity and Infrastructure Agency (CISA) has launched a new pilot program in response to the increase in ransomware attacks on critical infrastructure entities. The program is focused on identifying vulnerabilities in Internet-facing systems that are known to have been exploited by ransomware gangs in previous attacks.

Ransomware 97

Ransomware Governance HIPAA Hospitals 97

HIPAA Journal

NOVEMBER 13, 2023

A zero-day vulnerability in the SysAid IT service management solution is being exploited by the Lace Tempest (aka FIN11, DEV-0950, TA505) threat group to gain access to SysAid servers, steal data, and deploy Clop ransomware. The SysAid vulnerability was identified on November 2, 2023, after it had been exploited.

Ransomware 99

Ransomware HIPAA 99

HIPAA Journal

JUNE 14, 2023

Ransomware attacks can cause healthcare facilities to temporarily close and small healthcare practices have made the decision not to reopen after a ransomware attack, but hospitals and health systems are usually financially resilient enough to remediate the attacks and recover, but not St. Margaret’s Health.

Ransomware 108

Ransomware Hospitals COVID-19 HIPAA 108

HIPAA Journal

APRIL 5, 2023

Montgomery General Hospital in West Virginia has suffered a cyberattack that saw unauthorized individuals gain access to its IT systems on or around February 28, 2023, and deploy ransomware on or around March 1, 2023. The post Montgomery General Hospital Suffers Ransomware Attack and Data Leak appeared first on HIPAA Journal.

Ransomware 96

Ransomware Hospitals Electronic Medical Records HIPAA 96

HIT Consultant

MARCH 25, 2024

UnitedHealth Group’s technology unit, Change Healthcare, is currently facing an ongoing ransomware attack which has reverberated through healthcare systems and affected prescription deliveries. For example, throughout 2023 about one in three Americans were affected by health-related data breaches.

Ransomware 113

Ransomware US Department of Health and Human Services Regulatory Compliance Compliance 113

HIPAA Journal

FEBRUARY 8, 2024

In March 2023, CISA launched its Pre-Ransomware Notification Initiative which sees alerts issued if vulnerabilities are detected that are known to be actively exploited by ransomware groups to allow organizations to take action to prevent the vulnerabilities from being exploited.

Ransomware 85

Ransomware HIPAA 85

HIPAA Journal

JUNE 13, 2023

million individuals in an April 2023 ransomware attack. According to Point32Health, hackers gained access to Harvard Pilgrim’s systems on March 28, 2023, and maintained access to those systems until April 17, 2023, when the intrusion was detected and blocked. million customers. Harvard Pilgrim Health Care, Inc.

Ransomware 102

Ransomware Fraud Health Insurance HIPAA 102

HIPAA Journal

MARCH 10, 2023

In January 2023, MFHS, one of the largest healthcare providers in the state, notified approximately 461,000 current and former patients about a security breach. According to the notifications, unauthorized individuals gained access to its network and used ransomware to encrypt files.

Ransomware 96

Ransomware HIPAA Licensing Health Insurance 96

HIPAA Journal

MAY 18, 2023

The Department of Health and Human Services’ Office for Civil Rights is the main enforcer of HIPAA compliance; however, state Attorneys General also play a role in enforcing compliance with the Rules of the Health Insurance Portability and Accountability Act (HIPAA). million individuals and for delayed breach notifications.

HIPAA 102

HIPAA Compliance Ransomware Hospitals 102

HIT Consultant

AUGUST 29, 2024

Chris Bowen, Founder and CISO, ClearDATA The recent $50 million initiative announced by the Advanced Research Projects Agency for Health (ARPA-H) can’t hurt in the ongoing battle against ransomware in the healthcare sector. Major organizations like Change Healthcare and Ascension have faced significant disruptions due to these breaches.

Ransomware 110

Ransomware Hospitals Compliance Health Insurance 110

HIPAA Journal

AUGUST 25, 2023

million for the first 6 months of 2023 on $4.8 million difference has largely been attributed to the ransomware attack it detected on April 17, 2023., million difference has largely been attributed to the ransomware attack it detected on April 17, 2023., Point32Health has reported operating losses of $102.7

Ransomware 97

Ransomware HIPAA Medicare Medicare 97

HIPAA Journal

AUGUST 7, 2023

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has issued a security alert about a new ransomware group – Rhysida – which is conducting high-impact attacks across multiple industry sectors. The Cobalt Strike attack framework is deployed on compromised systems and used to deliver the ransomware payload.

Ransomware 90

Ransomware Public Health HIPAA Governance 90

HIPAA Journal

MARCH 29, 2024

It has been more than 5 weeks since Change Healthcare suffered a Blackcat ransomware attack. Department of State Offers $10 Million Reward for Information on ALPHV/Blackcat Ransomware Group The U.S. The AHA expressed concern about Fontes Rainer’s statement and is seeking clarification on which entities need to issue notifications.

Ransomware 99

Ransomware US Department of Health and Human Services HIPAA Hospitals 99