HIPAA Journal

APRIL 8, 2024

The Medusa ransomware group has leaked data stolen from American Renal Associates. American Renal Associates American Renal Associates (ARA), one of the largest providers of dialysis services in the United States and a provider of care for patients suffering from end-stage renal disease has experienced a Medusa ransomware attack.

Ransomware 77

Ransomware Health Insurance Licensing HIPAA 77

HIPAA Journal

JULY 17, 2023

The notification was received on May 9, 2023, and a third-party incident response firm was engaged to investigate and determine the validity of the threat actor’s claims. The post Naked Patient Photos Published After Ransomware Attack on Plastic Surgery Clinic appeared first on HIPAA Journal. Gary Motykie were also published online.

Ransomware 97

Ransomware HIPAA Licensing Health Insurance 97

HIPAA Journal

JANUARY 9, 2023

Maternal & Family Health Services in Eastern Pennsylvania has recently notified certain patients about an April 4, 2022, ransomware attack in which sensitive patient data was exposed. Notifications were sent to affected individuals on January 3, 2023. Retreat Behavioral Health Ransomware Attack Affects Up to 23,620 Patients.

Ransomware 95

Ransomware HIPAA Licensing Health Insurance 95

HIPAA Journal

FEBRUARY 7, 2023

Regal Medical Group, a San Bernardino, CA-based affiliate of the Heritage Provider Network, recently announced that it was attacked with ransomware. The forensic investigation confirmed that the attackers gained access to the servers on or around December 1 and exfiltrated files before the ransomware was deployed.

Ransomware 74

Ransomware Hospitals Licensing HIPAA 74

HIPAA Journal

SEPTEMBER 8, 2023

A security breach was detected on March 5, 2023, and systems were immediately taken offline to prevent further unauthorized access. A forensic investigation was initiated to determine the nature and scope of the attack, which confirmed there had been unauthorized access to its systems between February 3, 2023, and March 5, 2023.

Licensing 107

Licensing Ransomware Health Insurance HIPAA 107

HIPAA Journal

MARCH 29, 2023

Atlantic General Hospital – Ransomware Attack Atlantic General Hospital (AGH) in Berlin, MD, has recently reported a ransomware attack to the Maine Attorney General that has affected up to 30,704 individuals. The attack was detected on January 29, 2023, when files were discovered to have been encrypted.

Hospitals 110

Hospitals Ransomware Licensing Health Insurance 110

HIPAA Journal

MAY 2, 2023

NYSARC Columbia County Chapter Notifies Individuals About July 2022 Ransomware Attack NYSARC Columbia County Chapter (COARC) has started notifying certain individuals that some of their protected health information has potentially been obtained by unauthorized individuals in a July 2022 ransomware attack.

Ransomware 104

Ransomware Licensing Health Insurance HIPAA 104

HIPAA Journal

MAY 26, 2023

That appears to be the case with two recent cyberattacks, neither of which mention ransomware or confirm that data theft occurred. AENT said it was able to determine that “an unauthorized actor may have had access to certain systems that stored personal and protected health information,” between March 23, 2023, and April 4, 2023.

Ransomware 63

Ransomware Health Insurance HIPAA Licensing 63

HIPAA Journal

NOVEMBER 21, 2022

The Wisconsin-based dermatology practice, Forefront Dermatology, has agreed to settle a class action lawsuit filed on behalf of patients whose protected health information (PHI) was compromised in a ransomware attack in late May 2021. The final approval hearing has been scheduled for March 1, 2023.

Ransomware 68

Ransomware Fraud HIPAA Licensing 68

HIPAA Journal

JULY 3, 2024

has confirmed that patient data has been compromised in a cyberattack, and the Monti ransomware group has claimed responsibility for a cyberattack on Wayne Memorial Hospital. They confirmed that an unauthorized actor gained access to its network on October 8, 2023, and maintained access until the breach was detected.

Ransomware 123

Ransomware Health Insurance Hospitals HIPAA 123

HIPAA Journal

FEBRUARY 15, 2023

The medical device manufacturer Electromed has proposed a $850,000 settlement to resolve claims related to a June 2021 ransomware attack and data breach involving the protected health information of 47,200 individuals. The deadline for objection to and exclusion from the settlement is March 2, 2023. A lawsuit – Lutz, et al.

Ransomware 95

Ransomware Fraud Licensing Health Insurance 95

HIPAA Journal

FEBRUARY 8, 2024

The incident was detected on November 9, 2023. Cybersecurity experts were engaged to assist with the investigation, which confirmed that unauthorized individuals accessed certain systems on or before September 27, 2023, and encrypted certain files. It is not clear from the notification letters when the intrusion occurred.

Ransomware 90

Ransomware Electronic Medical Records Licensing Health Insurance 90

HIPAA Journal

JUNE 8, 2023

The security breach was detected on April 4, 2023, and the forensic investigation confirmed its network had been accessed by an unauthorized third party between March 7, 2023, and April 4, 2023. According to the May 22, 2023, breach notice, the incidents occurred in 2021.

Ransomware 105

Ransomware HIPAA Licensing Health Insurance 105

HIPAA Journal

APRIL 14, 2023

While ILS discovered the breach in July 2022, it took until February 14, 2023, for Telligen to be notified about the breach. Telligen notified the Iowa DHSS three days later on February 17, 2023. Notifications were mailed to affected individuals on April 10, 2023. Ransomware was not used in the attack, but files were stolen.

Medicaid 106

Medicaid Medicaid Ransomware HIPAA 106

HIPAA Journal

JUNE 22, 2023

an Albany, OR-based home care service, says it detected unauthorized access to its computer network on March 13, 2023. Individuals whose Social Security and driver’s license numbers were impacted have been offered complimentary credit monitoring and identity theft protection services. Kannact Inc.,

Ransomware 85

Ransomware Licensing HIPAA 85

HIPAA Journal

DECEMBER 2, 2022

San Juan Regional Medical Center stated at the time that this was a malware, rather than a ransomware attack. The final data for objection to or exclusion from the settlement is January 9, 2023. All claims must be submitted by February 8, 2023. A fairness hearing for the settlement has been scheduled for February 22, 2023.

Licensing 99

Licensing HIPAA Ransomware Health Insurance 99

HIPAA Journal

MAY 24, 2023

Unauthorized customer account activity was detected by PillPack on April 3, 2023, and the investigation revealed customer accounts had been accessed by an unauthorized third party between April 2 and April 6, 2023. Up-to-date contact information then needed to be obtained, and notification letters started to be sent on April 19, 2023.

HIPAA 122

HIPAA Ransomware Licensing Governance 122

HIPAA Journal

JULY 25, 2023

The vulnerability was identified on May 31, 2023, with the forensic investigation confirming data theft occurred on May 26, 2023. Wake Family Eye Care Suffers Ransomware Attack Wake Family Eye Care in Cary, NC, recently fell victim to a ransomware attack. Financial information was not compromised.

Ransomware 88

Ransomware Licensing HIPAA Health Insurance 88

HIPAA Journal

JULY 27, 2023

UT Southwestern Medical Center (UTSW) has recently confirmed that the protected health information of 98,437 patients was stolen in a cyberattack on May 28, 2023. UTSW was notified about the attack by Progress Software on May 30, 2023, and the exploited vulnerability was immediately patched.

Ransomware 93

Ransomware Licensing Health Insurance HIPAA 93

HIPAA Journal

JUNE 8, 2023

An unauthorized third party gained access to MCNA Dental’s systems on February 26, 2023, the breach was detected on March 6, 2023, and the unauthorized access was blocked the following day. A few days later, on April 5, 2023, SJBHR was the victim of a ransomware attack that resulted in files being encrypted on certain computer systems.

Medicaid 89

Medicaid Medicaid Ransomware Health Insurance 89

HIPAA Journal

AUGUST 2, 2023

The Chattanooga Heart Institute (CHI) in Tennessee has recently announced that it identified a cyberattack on its network on April 17, 2023. A third-party data review company was provided with the files on December 22, 2022, and provided the results of the analysis to SHS on May 16, 2023.

Licensing 80

Licensing Electronic Medical Records Ransomware Health Insurance 80

HIPAA Journal

JUNE 8, 2023

Peachtree Orthopedics in Atlanta, GA, has announced that it was the victim of a cyberattack on April 20, 2023. Mission Community Hospital Investigating Cyberattack Mission Community Hospital in California is investigating a cyberattack that occurred on April 29, 2023. It is unclear if the two incidents are linked.

Ransomware 87

Ransomware Hospitals Medical Billing HIPAA 87

HIPAA Journal

APRIL 25, 2024

Like several other cybercriminal groups, BianLian tends not to use ransomware anymore and just steals data and demands payment to prevent the exposure or sale of the data. On October 26, 2023, Advarra discovered suspicious activity in an employee’s user account. The BianLian group has claimed responsibility for the attack.

Licensing 97

Licensing HIPAA Ransomware 97

HIPAA Journal

JULY 9, 2024

SouthCoast Health and Privia Medical Group in Georgia have notified patients about a cyberattack and data breach that occurred in June 2023. During that time, files on the network were viewed or copied.

Medicare 109

Medicare Medicare Ransomware HIPAA 109

HIPAA Journal

AUGUST 22, 2023

Morris Hospital & Healthcare Centers in Illinois has started notifying 248,943 individuals about a cyberattack that was detected on April 4, 2023. That information included diagnoses, phone numbers, Social Security numbers, insurance information, driver’s license numbers, and scans.

Hospitals 89

Hospitals Ransomware HIPAA Licensing 89

HIPAA Journal

MAY 18, 2023

Suspicious network activity was detected on March 9, 2023, and immediate action was taken to secure the network. The business associate detected a security breach on March 6, 2023, and the investigation confirmed its systems were accessed on March 4, 2023.

Ransomware 100

Ransomware HIPAA Licensing Medicare 100

HIPAA Journal

JULY 3, 2023

The compromised information varied from patient to patient and may have included first and last names, addresses, dates of birth, Social Security numbers, driver’s license numbers, government-issued identification numbers, health insurance information, medical conditions/diagnoses, and other health or medical information.

Health Insurance 92

Health Insurance Licensing Ransomware HIPAA 92

HIPAA Journal

SEPTEMBER 12, 2023

Seymour, IN-based Schneck Medical Center has settled a lawsuit with the Indiana attorney general, Todd Rokita, over a 2021 ransomware attack and data breach that affected 89,707 Indiana residents. Schneck Medical Center Compensates Patients for Losses Schneck Medical Center has also recently settled a consolidated class action lawsuit for $1.3

HIPAA 96

HIPAA Ransomware Health Insurance Fraud 96

HIPAA Journal

AUGUST 10, 2023

Affected individuals were notified on August 4, 2023. For the research study, the data was published on the tool on February 25, 2018, and for the quality improvement project, on January 14, 2023. The publicly accessible link was discovered on June 8, 2023, and was removed on June 13.

HIPAA 77

HIPAA Ransomware Licensing Health Insurance 77

HIPAA Journal

APRIL 25, 2023

Santa Clara Family Health Plan Confirmed as Victim of Clop GoAnywhere Hack Santa Clara Family Health Plan has confirmed the 276,993-record data breach reported to the HHS’ Office for Civil Rights on March 30, 2023, was due to the hacking of Fortra’s GoAnywhere MFT solution by the Clop ransomware group.

Health Insurance 95

Health Insurance Public Health Ransomware Fraud 95

HIPAA Journal

JULY 31, 2023

a government services contracting company, has announced in a Securities and Exchange Commission (SEC) filing that hackers exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer solution in May 2023 and accessed the protected health information (PHI) of between 8 and 11 million individuals. Reston, VA-based Maximus Inc.,

Governance 79

Governance Medicare Medicare Ransomware 79

HIPAA Journal

FEBRUARY 23, 2023

In Early February, a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file transfer software (CVE-2023-0669) was exploited in attacks on more than 130 organizations, including several in the healthcare industry such as Community Health Systems (CHS) in Tennessee. That attack affected up to 1 million patients.

Ransomware 63

Ransomware Licensing Public Health HIPAA 63

HIPAA Journal

MAY 30, 2023

On March 6, 2023, MCNA discovered an unauthorized third party was able to access certain systems within its IT network. It appears that the ransom was not paid, as the group published the stolen files on April 7, 2023.

Health Insurance 104

Health Insurance Medicaid Medicaid Ransomware 104

HIPAA Journal

MARCH 28, 2024

Suspicious activity was detected within its network on April 13, 2023, and after securing its systems, a forensic investigation was launched to determine the nature and scope of the unauthorized activity. In November 2023, the vendor was unable to access the patient management tool and worked with its subcontractor to address the problem.

Hospitals 83

Hospitals Ransomware HIPAA Licensing 83

HIT Consultant

JULY 11, 2024

Ransomware, account takeover and distributed denial-of-service (DDOS) attacks that lock providers out of electronic health record (EHR) systems, shut down dosing machines and brick critical equipment force hospitals to act fast to protect patients, meaning they often have no choice but to give in to the attackers’ demands.

FDA 115

FDA Hospitals Governance Ransomware 115

HIPAA Journal

MARCH 16, 2023

Florida Medical Clinic Florida Medical Clinic has recently announced that it was the victim of a ransomware attack. The attack was detected on January 9, 2023, and prompt action was taken to contain the attack, which limited data exposure, although files were encrypted.

Electronic Medical Records 68

Electronic Medical Records Health Insurance Ransomware HIPAA 68

AIHC

MARCH 12, 2024

As technology advances, so do cyber criminals When it comes to cyberattacks and cyber extortion (ransomware attacks), health care organization continue to suffer as prime targets and continue to struggle to recover after an attack. America’s cyber defense agency CISA (Cybersecurity & Infrastructure Security Agency). How does it work?

Ransomware 59

Ransomware Governance Compliance HIPAA 59