HIPAA Journal

AUGUST 15, 2022

Multiple ransomware groups have adopted the BazarCall callback phishing technique to gain initial access to victims’ networks, including threat actors that have targeted the healthcare sector. That action could be to visit a malicious website or download a malicious file.

Ransomware 134

Ransomware HIPAA 134

HIPAA Journal

NOVEMBER 10, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has recently shared details of the tactics, techniques, and procedures associated with Venus ransomware attacks, and has made several recommendations on mitigations that healthcare organizations can implement to improve their defenses against attacks.

Ransomware 117

Ransomware HIPAA 117

HIPAA Journal

MARCH 18, 2022

A large percentage of those breaches could have been prevented if HIPAA-regulated entities were fully compliant with the HIPAA Security Rule. Coveware’s Q2, 2021 Quarterly Ransomware Report suggests 42% of ransomware attacks in the quarter saw initial network access gained via phishing emails. Prevention of Phishing.

HIPAA 141

HIPAA Compliance Ransomware Healthcare information Technology 141

HIPAA Journal

FEBRUARY 27, 2023

The healthcare and public health (HPH) sector has been warned about cyberattacks involving MedusaLocker ransomware – one of the lesser-known ransomware variants used in cyberattacks on the sector. The ransomware variant was first detected in September 2019 and the group is thought to primarily target the HPH sector.

Ransomware 113

Ransomware Public Health HIPAA 113

HIPAA Journal

MARCH 9, 2023

A joint cybersecurity advisory has been published by CISA and the FBI, sharing details of the tactics, techniques, and procedures (TTPs) used by the Royal ransomware gang and Indicators of Compromise (IoCs) to help network defenders better protect against attacks. Full IoCs and TTPs are detailed in the cybersecurity alert.

Ransomware 93

Ransomware Public Health HIPAA 93

HIPAA Journal

MAY 18, 2023

A joint cybersecurity alert has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) about the BianLian ransomware and data extortion group.

Ransomware 104

Ransomware Public Health HIPAA 104

HIPAA Journal

MARCH 10, 2022

The Austin, TX-based cloud hosting and data storage company DataHEALTH has announced it was the victim of a ransomware attack on November 3, 2021. The malware was detected on or around August 9, 2021, with the investigation confirming the malware was downloaded onto its systems on July 27, 2021. DataHealth. Dr. Douglas C.

Ransomware 132

Ransomware Licensing Health Insurance HIPAA 132

HIPAA Journal

JANUARY 27, 2023

Des Plaines, IL-based Lutheran Social Services of Illinois, one of the largest providers of social services in the state, has announced that its systems were compromised and ransomware was used to encrypt files. This coincides with the 60-day reporting deadline of the HIPAA Breach Notification Rule.

Ransomware 99

Ransomware HIPAA Fraud Licensing 99

HIPAA Journal

JANUARY 16, 2023

The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence on two sophisticated and aggressive ransomware operations – Blackcat and Royal – which pose a significant threat to the healthcare and public health (HPH) sector. Royal is now the most active ransomware operation, having surpassed Lockbit.

Ransomware 86

Ransomware Public Health HIPAA Hospitals 86

Compliancy Group

JUNE 29, 2022

Download the free cybersecurity eBook to get tips on protecting your patient information. Eye Care’s myCare Integrity solution was hacked via a ransomware attack on December 4, 2021. . Let’s Simplify Compliance Cybersecurity and HIPAA go hand-in-hand. × HIPAA Compliance Simplified. Is your organization secure?

Ransomware 98

Ransomware Electronic Medical Records HIPAA Compliance 98

HIPAA Journal

JANUARY 31, 2024

Report: Security Breaches in Healthcare (Direct Download PDF, 1.9MB, 16 pages) An unwanted record was set in 2023 with 725 large security breaches in healthcare reported to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), beating the record of 720 healthcare security breaches set the previous year.

Ransomware 128

Ransomware HIPAA Hospitals Compliance 128

HIPAA Journal

MAY 9, 2023

In January 2023 , NextGen was added to the data leak site of the BlackCat ransomware group, although the listing was later taken down. The incident was investigated and a spokesman for NextGen said no patient data had been exposed or downloaded, and consequently this was not a reportable data breach.

Ransomware 125

Ransomware HIPAA Doctors 125

HIPAA Journal

NOVEMBER 9, 2023

The Cyber Division of the Federal Bureau of Investigation (FBI) has issued a private industry notification that includes details of emerging techniques that are being used by ransomware gangs to gain initial access to victims’ networks. This type of attack is known as callback phishing and has been popular with ransomware gangs since 2022.

Ransomware 85

Ransomware HIPAA 85

HIPAA Journal

NOVEMBER 17, 2022

Salud Family Health Provides Update on September 2022 Ransomware Attack. The breach was reported to the HHS’ Office for Civil Rights using a placeholder of 501 and that figure has yet to be updated on the OCR breach portal; however, the threat actor behind the attack – the Lorenz ransomware group – has dumped a sample of the files online.

Ransomware 84

Ransomware Health Insurance Fraud HIPAA 84

HIPAA Journal

AUGUST 12, 2022

The emails have an Evernote-themed lure to trick recipients into downloading a Trojan file that generates a login prompt to steal credentials. The link included in the email directs the user to the Evernote site, where they are prompted to download an HTML file – called message (3).html. Evernote Phishing Campaign. Source: HC3.

Ransomware 111

Ransomware HIPAA 111

HIPAA Journal

JULY 3, 2024

has confirmed that patient data has been compromised in a cyberattack, and the Monti ransomware group has claimed responsibility for a cyberattack on Wayne Memorial Hospital. The hospital has been added to the Monti group’s data leak site, but no data is currently listed for download.

Ransomware 123

Ransomware Health Insurance Hospitals HIPAA 123

HIPAA Journal

JANUARY 30, 2023

The National HIPAA Summit is the leading forum on healthcare EDI, privacy, breach notification, confidentiality, data security, and HIPAA compliance, and the deadline for registration for the Virtual 40th National HIPAA Summit is fast approaching.

US Department of Health and Human Services 85

US Department of Health and Human Services HIPAA Compliance Medicaid 85

HIPAA Journal

MARCH 27, 2023

Devices can be lost or stolen, they may connect to unsecured Wi-Fi networks, and software and applications may have vulnerabilities that can be exploited, resulting in unauthorized network access or the downloading of malware or ransomware. You can access/download the HC3 mobile device security checklist here (PDF).

Ransomware 109

Ransomware HIPAA Hospitals 109

HIPAA Journal

JUNE 14, 2023

The group is financially motivated and often engages in data theft for extortion, with or without ransomware. FIN11 often deploys CLOP ransomware in its attacks, although it is unclear exactly how many CLOP ransomware attacks FIN11 has conducted. FIN11 also targeted HPH sector organizations during the COVID-19 pandemic.

Ransomware 94

Ransomware COVID-19 Public Health HIPAA 94

HIPAA Journal

DECEMBER 1, 2022

An unauthorized individual was found to have gained access to its network and downloaded files containing the protected health information of 45,785 patients. Health Plan Member Data Potentially Compromised in Innovative Service Technology Management Services Ransomware Attack.

Health Insurance 112

Health Insurance Ransomware HIPAA Governance 112

Healthcare IT News - Telehealth

MAY 17, 2022

HIPAA security policies require health systems to conduct a thorough risk analysis on a regular basis. In many cases the devices and wearables used by patients do not transmit data directly to the care-delivery organization, which helps to mitigate against the risk of malware, ransomware or other malicious software. Twitter: @kjercich.

Ransomware 149

Ransomware HIPAA Hospitals 149

HIPAA Journal

MARCH 30, 2023

Ransomware and phishing continue to be the biggest cybersecurity concerns for healthcare organizations according to the February 2023 Current and Emerging Healthcare Cyber Threat Landscape report from Health-ISAC. Ransomware was the biggest concern for 2022 and 2023 with phishing and spear phishing in second.

Ransomware 106

Ransomware Fraud Governance Medical Billing 106

HIPAA Journal

APRIL 24, 2024

While state-sponsored threat actors continue to target zero-day flaws, especially China-nexus threat actors, ransomware and data extortion groups are increasingly acquiring and utilizing 0days, helped by the rise of commercially available turnkey exploit kits.

Ransomware 103

Ransomware HIPAA Hospitals 103

HIPAA Journal

MARCH 3, 2023

Phishing is one of the most commonly used initial access vectors in cyberattacks, commonly leading to costly account compromises, data breaches, and ransomware attacks. One-third of working adults were unable to define malware, phishing, and ransomware, and there has been little change in understanding since 2021.

Ransomware 132

Ransomware HIPAA 132

HIPAA Journal

AUGUST 4, 2023

Ransomware and information stealing malware were highly prevalent. Amadey has information stealing capabilities and is often used to perform reconnaissance before downloading additional malicious payloads. The post Healthcare and Financial Services Remain Top Targets for Cyber Threat Actors appeared first on HIPAA Journal.

Ransomware 88

Ransomware Governance HIPAA 88

HIPAA Journal

NOVEMBER 8, 2023

Mulkay Cardiology Consultants at Holy Name Medical Center has recently confirmed that it fell victim to a ransomware attack. Ransomware Gangs Claim Responsibility for Attacks on Healthcare Providers The following healthcare providers have recently been added to the data leak sites of ransomware groups. Summit Health (LockBit 3.0)

Ransomware 109

Ransomware Licensing Health Insurance HIPAA 109

Healthcare IT Today

MARCH 23, 2023

While there are many tools and best practices to protect against ransomware, such as ensuring backups are segregated from production, proper incident response, file integrity monitoring, etc., From there, the hackers were able to infect the entire network with ransomware. How did it start?

Ransomware 141

Ransomware Hospitals Health Insurance HIPAA 141

HIPAA Journal

MARCH 21, 2022

As previously reported on this site, JDC Healthcare Management detected malware within its IT network on or around August 9, 2021, with the forensic investigation into the security breach confirming the malware was downloaded onto its systems on July 27, 2021. Suffers Ransomware Attack. Wheeling Health Right Inc.

Ransomware 109

Ransomware Licensing HIPAA Health Insurance 109

HIPAA Journal

OCTOBER 10, 2022

Threat actors leverage software tools that have already been installed to avoid having to download files via the Internet, malicious activities can be hidden within the logs along site legitimate use of these tools, and these tools are used to conduct malicious activities in the memory to evade security solutions.

Ransomware 106

Ransomware Public Health HIPAA 106

Total Medical ComplianceHIPAA

NOVEMBER 11, 2024

HIPAA: How does ransomware spread? Ransomware commonly spreads through phishing emails, malicious attachments, or compromised websites. Once a user clicks on a link or downloads infected content, the ransomware installs itself on the device, often spreading across the network to other systems.

Ransomware 52

Ransomware HIPAA 52

Compliancy Group

JANUARY 18, 2022

Hacking, phishing attacks, and ransomware can effectively cripple your business and cost you resources and reputation. But the best tool to prevent small practice cybercrime can be as basic as having a truly effective HIPAA compliance strategy. The most common “download and start” version used by so many people is not HIPAA compliant.

HIPAA 52

HIPAA Compliance Ransomware Malpractice 52

HIPAA Journal

JULY 7, 2023

The exploit “smashes the heap, connects back to an attacker-controlled server, downloads a BusyBox binary and opens an interactive shell,” said the researchers. The post More Than 300,000 Fortinet Firewalls Still Vulnerable to Critical FortiOS RCE Vulnerability appeared first on HIPAA Journal.

Ransomware 99

Ransomware HIPAA 99

Healthcare IT Today

JUNE 12, 2024

Federal guidelines like the Health Insurance Portability and Accountability Act (HIPAA) outline the responsibility of healthcare providers when it comes to creating, analyzing, and distributing Protected Health Information (PHI). In some cases, social engineering can be used as an avenue for ransomware and malware attacks.

US Department of Health and Human Services 124

US Department of Health and Human Services Ransomware Health Insurance HIPAA 124

HIPAA Journal

MARCH 29, 2023

During that time, the threat actor responsible downloaded files that contained sensitive information. The Clop ransomware gang claimed responsibility for these attacks, which resulted in data theft from 130+ organizations, including Community Health Systems. US Wellness Inc. GoAnywhere Hack Maryland-based US Wellness Inc.

Ransomware 120

Ransomware HIPAA Nurses 120

HIPAA Journal

SEPTEMBER 8, 2023

Just Kids Dental Suffers Ransomware Attack Acadia Health, LLC, doing business as Just Kids Dental, has started notifying 129,623 patients that some of their protected health information was stolen in an August 2, 2023, ransomware attack. Credit monitoring services are being offered to the affected individuals for 12 months at no cost.

Licensing 107

Licensing Ransomware Health Insurance HIPAA 107

HIPAA Journal

MARCH 8, 2023

Ransomware gangs in particular have seen profits take a nosedive, with ransom payments decreasing by 38% year-over-year as victims refuse to pay up, even when there is the threat of publication of stolen data. In 2022, ransomware attacks were still common, with LockBit and BlackCat the top ransomware families.

Ransomware 89

Ransomware Fraud HIPAA 89

Compliancy Group

APRIL 25, 2022

Even when you do the best you can to comply with HIPAA regulations, violations and breaches may occur. What happens after a HIPAA complaint is filed? Common Violation Examples – What Happens After a HIPAA Complaint is Filed? Common Violation Examples – What Happens After a HIPAA Complaint is Filed? Learn More! ×

HIPAA 52

HIPAA Compliance Ransomware 52