HIPAA Journal

FEBRUARY 27, 2023

The healthcare and public health (HPH) sector has been warned about cyberattacks involving MedusaLocker ransomware – one of the lesser-known ransomware variants used in cyberattacks on the sector. The ransomware variant was first detected in September 2019 and the group is thought to primarily target the HPH sector.

Ransomware 115

Ransomware HIPAA Public Health 115

HIPAA Journal

DECEMBER 13, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has released analyses of two ransomware variants that are being used in attacks on the healthcare sector: LockBit 3.0 LockBit ransomware was first detected in September 2019 when it was known as ABCD ransomware. and has code similar to DarkSide and BlackMatter ransomware.

Ransomware 135

Ransomware HIPAA 135

HIPAA Journal

NOVEMBER 10, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has recently shared details of the tactics, techniques, and procedures associated with Venus ransomware attacks, and has made several recommendations on mitigations that healthcare organizations can implement to improve their defenses against attacks.

Ransomware 118

Ransomware HIPAA 118

HIPAA Journal

MARCH 16, 2023

The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence information about the Black Basta ransomware group to help network defenders prevent and rapidly detect attacks in progress. The Black Basta group was first identified in April 2022 and is known to conduct ransomware and extortion attacks.

Ransomware 110

Ransomware HIPAA Governance 110

HIPAA Journal

JUNE 29, 2022

On June 25, 2022, a spokesperson for a threat group called DAIXIN Team contacted HIPAA Journal to share information about a ransomware attack and data theft incident at Fitzgibbon Hospital in Marshall, Missouri. DAIXIN Team was previously not known to HIPAA Journal and appears to be a new ransomware group.

Ransomware 127

Ransomware Hospitals HIPAA Health Insurance 127

HIPAA Journal

MAY 18, 2023

A joint cybersecurity alert has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) about the BianLian ransomware and data extortion group.

Ransomware 105

Ransomware HIPAA Public Health 105

Total Medical ComplianceHIPAA

NOVEMBER 11, 2024

HIPAA: How does ransomware spread? Ransomware commonly spreads through phishing emails, malicious attachments, or compromised websites. Once a user clicks on a link or downloads infected content, the ransomware installs itself on the device, often spreading across the network to other systems.

Ransomware 52

Ransomware HIPAA 52

HIPAA Journal

AUGUST 15, 2022

Multiple ransomware groups have adopted the BazarCall callback phishing technique to gain initial access to victims’ networks, including threat actors that have targeted the healthcare sector. That action could be to visit a malicious website or download a malicious file.

Ransomware 136

Ransomware HIPAA 136

HIPAA Journal

MARCH 1, 2022

Ransomware attacks have recently been reported by four healthcare providers across the country, which have collectively resulted in the exposure and potential theft of the protected health information of more than 49,000 individuals. The post Four Healthcare Providers Hit with Ransomware Attacks appeared first on HIPAA Journal.

Ransomware 143

Ransomware Licensing HIPAA Health Insurance 143

HIPAA Journal

JANUARY 16, 2023

The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence on two sophisticated and aggressive ransomware operations – Blackcat and Royal – which pose a significant threat to the healthcare and public health (HPH) sector. Royal is now the most active ransomware operation, having surpassed Lockbit.

Ransomware 86

Ransomware HIPAA Public Health Hospitals 86

HIPAA Journal

NOVEMBER 9, 2023

The Cyber Division of the Federal Bureau of Investigation (FBI) has issued a private industry notification that includes details of emerging techniques that are being used by ransomware gangs to gain initial access to victims’ networks. This type of attack is known as callback phishing and has been popular with ransomware gangs since 2022.

Ransomware 86

Ransomware HIPAA 86

HIT Consultant

OCTOBER 4, 2023

More ransomware attacks targeted healthcare in 2022 than any other critical infrastructure sector, according to the FBI’s Internet Crime Complaint Center (IC3). However, there are gaps where more can be done to better protect against ransomware.

Ransomware 69

Ransomware Hospitals Nurses Doctors 69

HIPAA Journal

JANUARY 27, 2023

Des Plaines, IL-based Lutheran Social Services of Illinois, one of the largest providers of social services in the state, has announced that its systems were compromised and ransomware was used to encrypt files. Both healthcare organizations were recently added to the data leak site of the BlackCat ransomware group.

Ransomware 101

Ransomware HIPAA Fraud Licensing 101

HIPAA Journal

NOVEMBER 17, 2022

Salud Family Health Provides Update on September 2022 Ransomware Attack. The breach was reported to the HHS’ Office for Civil Rights using a placeholder of 501 and that figure has yet to be updated on the OCR breach portal; however, the threat actor behind the attack – the Lorenz ransomware group – has dumped a sample of the files online.

Ransomware 84

Ransomware Health Insurance HIPAA Fraud 84

Compliancy Group

JUNE 29, 2022

Download the free cybersecurity eBook to get tips on protecting your patient information. Eye Care’s myCare Integrity solution was hacked via a ransomware attack on December 4, 2021. . During one week in mid-July alone, five eye care providers reported that patient data had been compromised by the ransomware attack.

Ransomware 98

Ransomware Electronic Medical Records HIPAA Compliance 98

HIPAA Journal

MARCH 10, 2022

The Austin, TX-based cloud hosting and data storage company DataHEALTH has announced it was the victim of a ransomware attack on November 3, 2021. The malware was detected on or around August 9, 2021, with the investigation confirming the malware was downloaded onto its systems on July 27, 2021. DataHealth. Dr. Douglas C.

Ransomware 133

Ransomware Licensing Health Insurance HIPAA 133

HIPAA Journal

JUNE 14, 2023

The group is financially motivated and often engages in data theft for extortion, with or without ransomware. FIN11 often deploys CLOP ransomware in its attacks, although it is unclear exactly how many CLOP ransomware attacks FIN11 has conducted. FIN11 also targeted HPH sector organizations during the COVID-19 pandemic.

Ransomware 95

Ransomware COVID-19 HIPAA Public Health 95

HIPAA Journal

AUGUST 4, 2023

Ransomware and information stealing malware were highly prevalent. Amadey has information stealing capabilities and is often used to perform reconnaissance before downloading additional malicious payloads. The RedLine information stealer and the Amadey bot were regularly blocked threats.

Ransomware 89

Ransomware Governance HIPAA 89

HIPAA Journal

JULY 3, 2024

has confirmed that patient data has been compromised in a cyberattack, and the Monti ransomware group has claimed responsibility for a cyberattack on Wayne Memorial Hospital. The hospital has been added to the Monti group’s data leak site, but no data is currently listed for download.

Ransomware 124

Ransomware Health Insurance Hospitals HIPAA 124

HIPAA Journal

AUGUST 12, 2022

The emails have an Evernote-themed lure to trick recipients into downloading a Trojan file that generates a login prompt to steal credentials. The link included in the email directs the user to the Evernote site, where they are prompted to download an HTML file – called message (3).html. Evernote Phishing Campaign. Source: HC3.

Ransomware 112

Ransomware HIPAA 112

HIPAA Journal

MAY 9, 2023

In January 2023 , NextGen was added to the data leak site of the BlackCat ransomware group, although the listing was later taken down. The incident was investigated and a spokesman for NextGen said no patient data had been exposed or downloaded, and consequently this was not a reportable data breach.

Ransomware 125

Ransomware HIPAA Doctors 125

HIPAA Journal

MARCH 30, 2023

Ransomware and phishing continue to be the biggest cybersecurity concerns for healthcare organizations according to the February 2023 Current and Emerging Healthcare Cyber Threat Landscape report from Health-ISAC. Ransomware was the biggest concern for 2022 and 2023 with phishing and spear phishing in second.

Ransomware 107

Ransomware Fraud Governance Medical Billing 107

HIPAA Journal

MARCH 27, 2023

Devices can be lost or stolen, they may connect to unsecured Wi-Fi networks, and software and applications may have vulnerabilities that can be exploited, resulting in unauthorized network access or the downloading of malware or ransomware. You can access/download the HC3 mobile device security checklist here (PDF).

Ransomware 109

Ransomware HIPAA Hospitals 109

HIPAA Journal

MAY 26, 2023

An updated version of the StopRansomware Guide has been published that includes further recommendations on actions that can be taken to reduce the risk of ransomware attacks. The updated StopRansomware Guide can be downloaded from CISA on this link.

Ransomware 58

Ransomware HIPAA Governance 58

HIPAA Journal

DECEMBER 1, 2022

An unauthorized individual was found to have gained access to its network and downloaded files containing the protected health information of 45,785 patients. Health Plan Member Data Potentially Compromised in Innovative Service Technology Management Services Ransomware Attack.

Health Insurance 113

Health Insurance Ransomware HIPAA Governance 113

HIPAA Journal

APRIL 24, 2024

While state-sponsored threat actors continue to target zero-day flaws, especially China-nexus threat actors, ransomware and data extortion groups are increasingly acquiring and utilizing 0days, helped by the rise of commercially available turnkey exploit kits.

Ransomware 105

Ransomware HIPAA Hospitals 105

HIPAA Journal

NOVEMBER 8, 2023

Mulkay Cardiology Consultants at Holy Name Medical Center has recently confirmed that it fell victim to a ransomware attack. Ransomware Gangs Claim Responsibility for Attacks on Healthcare Providers The following healthcare providers have recently been added to the data leak sites of ransomware groups. Summit Health (LockBit 3.0)

Ransomware 110

Ransomware Licensing Health Insurance HIPAA 110

HIPAA Journal

JULY 7, 2023

TrueBot is a downloader/botnet malware that establishes a connection with its command-and-control server, collects information on compromised systems, and is used for launching more extensive attacks on compromised networks. FIN11 has been using TrueBot malware to deploy Clop ransomware on victims’ networks.

Ransomware 108

Ransomware HIPAA 108

Healthcare IT Today

MARCH 23, 2023

While there are many tools and best practices to protect against ransomware, such as ensuring backups are segregated from production, proper incident response, file integrity monitoring, etc., From there, the hackers were able to infect the entire network with ransomware. How did it start?

Ransomware 140

Ransomware Hospitals Health Insurance HIPAA 140

HIPAA Journal

MARCH 8, 2023

Ransomware gangs in particular have seen profits take a nosedive, with ransom payments decreasing by 38% year-over-year as victims refuse to pay up, even when there is the threat of publication of stolen data. In 2022, ransomware attacks were still common, with LockBit and BlackCat the top ransomware families.

Ransomware 90

Ransomware Fraud HIPAA 90

HIPAA Journal

OCTOBER 10, 2022

Threat actors leverage software tools that have already been installed to avoid having to download files via the Internet, malicious activities can be hidden within the logs along site legitimate use of these tools, and these tools are used to conduct malicious activities in the memory to evade security solutions.

Ransomware 108

Ransomware HIPAA Public Health 108

HIT Consultant

AUGUST 7, 2024

These attacks most often lead to trojan horses, including ransomware, that are presently targeting the healthcare sector. As one of the most active ransomware-as-a-service (RaaS) threat actors today, Black Basta has set its sights on the healthcare sector, claiming responsibility for the recent attack on St.

Ransomware 116

Ransomware Fraud Hospitals Nurses 116

HIPAA Journal

JANUARY 31, 2024

Report: Security Breaches in Healthcare (Direct Download PDF, 1.9MB, 16 pages) An unwanted record was set in 2023 with 725 large security breaches in healthcare reported to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), beating the record of 720 healthcare security breaches set the previous year.

Ransomware 129

Ransomware HIPAA Hospitals Compliance 129

HIPAA Journal

JULY 7, 2023

The exploit “smashes the heap, connects back to an attacker-controlled server, downloads a BusyBox binary and opens an interactive shell,” said the researchers. Bishop Fox researchers then used an exploit to demonstrate the seriousness of the vulnerability.

Ransomware 100

Ransomware HIPAA 100

HIPAA Journal

MARCH 3, 2023

Phishing is one of the most commonly used initial access vectors in cyberattacks, commonly leading to costly account compromises, data breaches, and ransomware attacks. One-third of working adults were unable to define malware, phishing, and ransomware, and there has been little change in understanding since 2021.

Ransomware 134

Ransomware HIPAA 134

HIPAA Journal

SEPTEMBER 8, 2023

Just Kids Dental Suffers Ransomware Attack Acadia Health, LLC, doing business as Just Kids Dental, has started notifying 129,623 patients that some of their protected health information was stolen in an August 2, 2023, ransomware attack. Credit monitoring services are being offered to the affected individuals for 12 months at no cost.

Licensing 108

Licensing Ransomware Health Insurance HIPAA 108

HIPAA Journal

JUNE 8, 2023

The forensic investigation confirmed its systems had been accessed by an unauthorized individual between December 5, 2022, and December 21, 2022, and files had been downloaded. Alvaria confirmed in February that it was the victim of a Hive ransomware attack in November 2022. It is unclear if the two incidents are linked.

Ransomware 89

Ransomware Hospitals Medical Billing HIPAA 89