HIPAA Journal

MARCH 10, 2023

In January 2023, MFHS, one of the largest healthcare providers in the state, notified approximately 461,000 current and former patients about a security breach. According to the notifications, unauthorized individuals gained access to its network and used ransomware to encrypt files.

Ransomware 97

Ransomware HIPAA Licensing Health Insurance 97

HIPAA Journal

JULY 17, 2023

The notification was received on May 9, 2023, and a third-party incident response firm was engaged to investigate and determine the validity of the threat actor’s claims. The post Naked Patient Photos Published After Ransomware Attack on Plastic Surgery Clinic appeared first on HIPAA Journal. Gary Motykie were also published online.

Ransomware 98

Ransomware HIPAA Licensing Health Insurance 98

HIPAA Journal

MAY 26, 2023

That appears to be the case with two recent cyberattacks, neither of which mention ransomware or confirm that data theft occurred. AENT said it was able to determine that “an unauthorized actor may have had access to certain systems that stored personal and protected health information,” between March 23, 2023, and April 4, 2023.

Ransomware 63

Ransomware Health Insurance HIPAA Licensing 63

HIPAA Journal

FEBRUARY 7, 2023

Regal Medical Group, a San Bernardino, CA-based affiliate of the Heritage Provider Network, recently announced that it was attacked with ransomware. The forensic investigation confirmed that the attackers gained access to the servers on or around December 1 and exfiltrated files before the ransomware was deployed.

Ransomware 74

Ransomware Hospitals Licensing HIPAA 74

HIPAA Journal

JANUARY 9, 2023

Maternal & Family Health Services in Eastern Pennsylvania has recently notified certain patients about an April 4, 2022, ransomware attack in which sensitive patient data was exposed. Notifications were sent to affected individuals on January 3, 2023. Retreat Behavioral Health Ransomware Attack Affects Up to 23,620 Patients.

Ransomware 97

Ransomware HIPAA Licensing Health Insurance 97

HIPAA Journal

NOVEMBER 21, 2022

The Wisconsin-based dermatology practice, Forefront Dermatology, has agreed to settle a class action lawsuit filed on behalf of patients whose protected health information (PHI) was compromised in a ransomware attack in late May 2021. The final approval hearing has been scheduled for March 1, 2023.

Ransomware 68

Ransomware Fraud HIPAA Licensing 68

HIPAA Journal

SEPTEMBER 8, 2023

A security breach was detected on March 5, 2023, and systems were immediately taken offline to prevent further unauthorized access. A forensic investigation was initiated to determine the nature and scope of the attack, which confirmed there had been unauthorized access to its systems between February 3, 2023, and March 5, 2023.

Licensing 108

Licensing Ransomware Health Insurance HIPAA 108

HIPAA Journal

MAY 2, 2023

NYSARC Columbia County Chapter Notifies Individuals About July 2022 Ransomware Attack NYSARC Columbia County Chapter (COARC) has started notifying certain individuals that some of their protected health information has potentially been obtained by unauthorized individuals in a July 2022 ransomware attack.

Ransomware 106

Ransomware Licensing Health Insurance HIPAA 106

HIPAA Journal

MARCH 29, 2023

Atlantic General Hospital – Ransomware Attack Atlantic General Hospital (AGH) in Berlin, MD, has recently reported a ransomware attack to the Maine Attorney General that has affected up to 30,704 individuals. The attack was detected on January 29, 2023, when files were discovered to have been encrypted.

Hospitals 112

Hospitals Ransomware Licensing Health Insurance 112

HIPAA Journal

JUNE 22, 2023

an Albany, OR-based home care service, says it detected unauthorized access to its computer network on March 13, 2023. Individuals whose Social Security and driver’s license numbers were impacted have been offered complimentary credit monitoring and identity theft protection services. Kannact Inc.,

Ransomware 87

Ransomware Licensing HIPAA 87

HIPAA Journal

FEBRUARY 8, 2024

The incident was detected on November 9, 2023. Cybersecurity experts were engaged to assist with the investigation, which confirmed that unauthorized individuals accessed certain systems on or before September 27, 2023, and encrypted certain files. It is not clear from the notification letters when the intrusion occurred.

Ransomware 91

Ransomware Electronic Medical Records Licensing Health Insurance 91

HIPAA Journal

JULY 3, 2024

has confirmed that patient data has been compromised in a cyberattack, and the Monti ransomware group has claimed responsibility for a cyberattack on Wayne Memorial Hospital. They confirmed that an unauthorized actor gained access to its network on October 8, 2023, and maintained access until the breach was detected.

Ransomware 124

Ransomware Health Insurance Hospitals HIPAA 124

HIPAA Journal

FEBRUARY 15, 2023

The medical device manufacturer Electromed has proposed a $850,000 settlement to resolve claims related to a June 2021 ransomware attack and data breach involving the protected health information of 47,200 individuals. The deadline for objection to and exclusion from the settlement is March 2, 2023. A lawsuit – Lutz, et al.

Ransomware 97

Ransomware Fraud Licensing Health Insurance 97

HIPAA Journal

AUGUST 2, 2023

The Chattanooga Heart Institute (CHI) in Tennessee has recently announced that it identified a cyberattack on its network on April 17, 2023. A third-party data review company was provided with the files on December 22, 2022, and provided the results of the analysis to SHS on May 16, 2023.

Licensing 82

Licensing Electronic Medical Records Ransomware Health Insurance 82

HIPAA Journal

JULY 25, 2023

The vulnerability was identified on May 31, 2023, with the forensic investigation confirming data theft occurred on May 26, 2023. Wake Family Eye Care Suffers Ransomware Attack Wake Family Eye Care in Cary, NC, recently fell victim to a ransomware attack. Financial information was not compromised.

Ransomware 89

Ransomware Licensing HIPAA Health Insurance 89

HIPAA Journal

JUNE 8, 2023

An unauthorized third party gained access to MCNA Dental’s systems on February 26, 2023, the breach was detected on March 6, 2023, and the unauthorized access was blocked the following day. A few days later, on April 5, 2023, SJBHR was the victim of a ransomware attack that resulted in files being encrypted on certain computer systems.

Medicaid 90

Medicaid Medicaid Ransomware Health Insurance 90

HIPAA Journal

JULY 27, 2023

UT Southwestern Medical Center (UTSW) has recently confirmed that the protected health information of 98,437 patients was stolen in a cyberattack on May 28, 2023. UTSW was notified about the attack by Progress Software on May 30, 2023, and the exploited vulnerability was immediately patched.

Ransomware 94

Ransomware Licensing Health Insurance HIPAA 94

HIPAA Journal

JUNE 8, 2023

The security breach was detected on April 4, 2023, and the forensic investigation confirmed its network had been accessed by an unauthorized third party between March 7, 2023, and April 4, 2023. According to the May 22, 2023, breach notice, the incidents occurred in 2021.

Ransomware 106

Ransomware HIPAA Licensing Health Insurance 106

HIPAA Journal

APRIL 14, 2023

While ILS discovered the breach in July 2022, it took until February 14, 2023, for Telligen to be notified about the breach. Telligen notified the Iowa DHSS three days later on February 17, 2023. Notifications were mailed to affected individuals on April 10, 2023. Ransomware was not used in the attack, but files were stolen.

Medicaid 108

Medicaid Medicaid Ransomware HIPAA 108

HIPAA Journal

JUNE 8, 2023

Peachtree Orthopedics in Atlanta, GA, has announced that it was the victim of a cyberattack on April 20, 2023. Mission Community Hospital Investigating Cyberattack Mission Community Hospital in California is investigating a cyberattack that occurred on April 29, 2023. It is unclear if the two incidents are linked.

Ransomware 89

Ransomware Hospitals Medical Billing HIPAA 89

HIPAA Journal

DECEMBER 2, 2022

San Juan Regional Medical Center stated at the time that this was a malware, rather than a ransomware attack. The final data for objection to or exclusion from the settlement is January 9, 2023. All claims must be submitted by February 8, 2023. A fairness hearing for the settlement has been scheduled for February 22, 2023.

Licensing 101

Licensing HIPAA Ransomware Health Insurance 101

HIPAA Journal

AUGUST 22, 2023

Morris Hospital & Healthcare Centers in Illinois has started notifying 248,943 individuals about a cyberattack that was detected on April 4, 2023. That information included diagnoses, phone numbers, Social Security numbers, insurance information, driver’s license numbers, and scans.

Hospitals 91

Hospitals Ransomware HIPAA Licensing 91

HIPAA Journal

APRIL 25, 2024

Like several other cybercriminal groups, BianLian tends not to use ransomware anymore and just steals data and demands payment to prevent the exposure or sale of the data. On October 26, 2023, Advarra discovered suspicious activity in an employee’s user account. The BianLian group has claimed responsibility for the attack.

Licensing 99

Licensing HIPAA Ransomware 99

HIPAA Journal

JULY 9, 2024

SouthCoast Health and Privia Medical Group in Georgia have notified patients about a cyberattack and data breach that occurred in June 2023. During that time, files on the network were viewed or copied.

Medicare 110

Medicare Medicare Ransomware HIPAA 110

HIPAA Journal

AUGUST 10, 2023

Affected individuals were notified on August 4, 2023. For the research study, the data was published on the tool on February 25, 2018, and for the quality improvement project, on January 14, 2023. The publicly accessible link was discovered on June 8, 2023, and was removed on June 13.

HIPAA 79

HIPAA Ransomware Licensing Health Insurance 79

HIPAA Journal

JULY 3, 2023

The compromised information varied from patient to patient and may have included first and last names, addresses, dates of birth, Social Security numbers, driver’s license numbers, government-issued identification numbers, health insurance information, medical conditions/diagnoses, and other health or medical information.

Health Insurance 93

Health Insurance Licensing Ransomware HIPAA 93

HIPAA Journal

MAY 24, 2023

Unauthorized customer account activity was detected by PillPack on April 3, 2023, and the investigation revealed customer accounts had been accessed by an unauthorized third party between April 2 and April 6, 2023. Up-to-date contact information then needed to be obtained, and notification letters started to be sent on April 19, 2023.

HIPAA 124

HIPAA Ransomware Licensing Governance 124

HIPAA Journal

FEBRUARY 23, 2023

In Early February, a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file transfer software (CVE-2023-0669) was exploited in attacks on more than 130 organizations, including several in the healthcare industry such as Community Health Systems (CHS) in Tennessee. That attack affected up to 1 million patients.

Ransomware 63

Ransomware Licensing Public Health HIPAA 63

HIPAA Journal

JULY 31, 2023

a government services contracting company, has announced in a Securities and Exchange Commission (SEC) filing that hackers exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer solution in May 2023 and accessed the protected health information (PHI) of between 8 and 11 million individuals. Reston, VA-based Maximus Inc.,

Governance 81

Governance Medicare Medicare Ransomware 81

HIPAA Journal

SEPTEMBER 12, 2023

Seymour, IN-based Schneck Medical Center has settled a lawsuit with the Indiana attorney general, Todd Rokita, over a 2021 ransomware attack and data breach that affected 89,707 Indiana residents. Schneck Medical Center Compensates Patients for Losses Schneck Medical Center has also recently settled a consolidated class action lawsuit for $1.3

HIPAA 98

HIPAA Ransomware Health Insurance Fraud 98

HIPAA Journal

MAY 18, 2023

Suspicious network activity was detected on March 9, 2023, and immediate action was taken to secure the network. The business associate detected a security breach on March 6, 2023, and the investigation confirmed its systems were accessed on March 4, 2023.

Ransomware 101

Ransomware HIPAA Licensing Medicare 101

AIHC

MARCH 12, 2024

As technology advances, so do cyber criminals When it comes to cyberattacks and cyber extortion (ransomware attacks), health care organization continue to suffer as prime targets and continue to struggle to recover after an attack. America’s cyber defense agency CISA (Cybersecurity & Infrastructure Security Agency). How does it work?

Ransomware 59

Ransomware Governance Compliance HIPAA 59

HIPAA Journal

APRIL 25, 2023

Santa Clara Family Health Plan Confirmed as Victim of Clop GoAnywhere Hack Santa Clara Family Health Plan has confirmed the 276,993-record data breach reported to the HHS’ Office for Civil Rights on March 30, 2023, was due to the hacking of Fortra’s GoAnywhere MFT solution by the Clop ransomware group.

Health Insurance 96

Health Insurance Public Health Ransomware Fraud 96

AIHC

MARCH 12, 2024

As technology advances, so do cyber criminals When it comes to cyberattacks and cyber extortion (ransomware attacks), health care organization continue to suffer as prime targets and continue to struggle to recover after an attack. America’s cyber defense agency CISA (Cybersecurity & Infrastructure Security Agency). How does it work?

Ransomware 52

Ransomware Governance Compliance HIPAA 52

HIPAA Journal

MARCH 28, 2024

Suspicious activity was detected within its network on April 13, 2023, and after securing its systems, a forensic investigation was launched to determine the nature and scope of the unauthorized activity. In November 2023, the vendor was unable to access the patient management tool and worked with its subcontractor to address the problem.

Hospitals 84

Hospitals Ransomware HIPAA Licensing 84

HIPAA Journal

JULY 27, 2023

Norton Healthcare, a Kentucky-based operator of more than 140 clinics and hospitals in Kentucky and Southern Indiana, is facing a class action lawsuit over a May 2023 cyberattack and data breach. On July 21, 2023, a class action lawsuit was filed in U.S.

Ransomware 52

Ransomware Fraud Licensing Health Insurance 52

HIPAA Journal

MARCH 16, 2023

Florida Medical Clinic Florida Medical Clinic has recently announced that it was the victim of a ransomware attack. The attack was detected on January 9, 2023, and prompt action was taken to contain the attack, which limited data exposure, although files were encrypted.

Electronic Medical Records 68

Electronic Medical Records Health Insurance Ransomware HIPAA 68