A new joint federal cybersecurity warning says that the Clop Ransomware Gang, also known as TA505, began exploiting a previously unknown vulnerability this past month in one of Progress Software's managed file transfer tools, known as MOVEit Transfer. x and forward – along with software upgrades and patches.
Throughout the reporting period, downloaders were among the most commonly observed threats. Downloaders are malicious software that often masquerade as legitimate digital documents and executables and are used to download a range of other malicious software. The ZIP files contain an executable file that delivers QakBot.
The incident was described as an information technology network disruption that impacted the clinic's accessibility to certain electronic systems, language indicative of a ransomware attack. A third-party digital forensics firm assisted with the investigation and confirmed that the account contents had been downloaded.
The healthcare and public health sector (HPH) has been warned about the threat of ransomware attacks by the Lorenz threat group, which has conducted several attacks in the United States over the past two years, with no sign that attacks are slowing. In contrast to most other ransomware gangs, relatively little is known about this group.
The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health (HPH) sector about Royal ransomware attacks. Royal ransomware is a new ransomware threat that was first observed being used in attacks in September 2022. Both will prevent files from being opened.
On June 25, 2022, a spokesperson for a threat group called DAIXIN Team contacted HIPAA Journal to share information about a ransomware attack and data theft incident at Fitzgibbon Hospital in Marshall, Missouri. DAIXIN Team was previously not known to HIPAA Journal and appears to be a new ransomware group.
The Health Sector Cybersecurity Coordination Center (HC3) has released analyses of two ransomware variants that are being used in attacks on the healthcare sector: LockBit 3.0 LockBit ransomware was first detected in September 2019 when it was known as ABCD ransomware. and has code similar to DarkSide and BlackMatter ransomware.
Ransomware actors continue to target the U.S. The most commonly detected malware were droppers, downloaders, remote access tools (RATs), and ransomware. Emotet is capable of self-propagation and lateral movement and is used to deliver malware and ransomware payloads.
Multiple ransomware groups have adopted the BazarCall callback phishing technique to gain initial access to victims’ networks, including threat actors that have targeted the healthcare sector. That action could be to visit a malicious website or download a malicious file.
Ransomware attacks have recently been reported by four healthcare providers across the country, which have collectively resulted in the exposure and potential theft of the protected health information of more than 49,000 individuals.
The healthcare and public health (HPH) sector has been warned about cyberattacks involving MedusaLocker ransomware – one of the lesser-known ransomware variants used in cyberattacks on the sector. The ransomware variant was first detected in September 2019 and the group is thought to primarily target the HPH sector.
The Health Sector Cybersecurity Coordination Center (HC3) has recently shared details of the tactics, techniques, and procedures associated with Venus ransomware attacks, and has made several recommendations on mitigations that healthcare organizations can implement to improve their defenses against attacks.
The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence information about the Black Basta ransomware group to help network defenders prevent and rapidly detect attacks in progress. The Black Basta group was first identified in April 2022 and is known to conduct ransomware and extortion attacks.
A joint cybersecurity advisory has been published by CISA and the FBI, sharing details of the tactics, techniques, and procedures (TTPs) used by the Royal ransomware gang and Indicators of Compromise (IoCs) to help network defenders better protect against attacks. Full IoCs and TTPs are detailed in the cybersecurity alert.
A joint cybersecurity alert has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) about the BianLian ransomware and data extortion group.
The Austin, TX-based cloud hosting and data storage company DataHEALTH has announced it was the victim of a ransomware attack on November 3, 2021. The malware was detected on or around August 9, 2021, with the investigation confirming the malware was downloaded onto its systems on July 27, 2021. DataHealth. Dr. Douglas C.
Des Plaines, IL-based Lutheran Social Services of Illinois, one of the largest providers of social services in the state, has announced that its systems were compromised and ransomware was used to encrypt files. Both healthcare organizations were recently added to the data leak site of the BlackCat ransomware group.
The Cyber Division of the Federal Bureau of Investigation (FBI) has issued a private industry notification that includes details of emerging techniques that are being used by ransomware gangs to gain initial access to victims’ networks. This type of attack is known as callback phishing and has been popular with ransomware gangs since 2022.
The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence on two sophisticated and aggressive ransomware operations – Blackcat and Royal – which pose a significant threat to the healthcare and public health (HPH) sector. Royal is now the most active ransomware operation, having surpassed Lockbit.
Download the free cybersecurity eBook to get tips on protecting your patient information. Eye Care’s myCare Integrity solution was hacked via a ransomware attack on December 4, 2021. During one week in mid-July alone, five eye care providers reported that patient data had been compromised by the ransomware attack.
Traditional, perimeter-based security models, which the duo jokingly call 1999 architecture, constructed protective walls around networks but often couldn't adapt to today's threats like phishing, ransomware, and advanced malware. Baker and Hajny emphasize the Zero Trust Hospital books (Did I mention you can download them for FREE?)
Salud Family Health Provides Update on September 2022 Ransomware Attack. The breach was reported to the HHS’ Office for Civil Rights using a placeholder of 501 and that figure has yet to be updated on the OCR breach portal; however, the threat actor behind the attack – the Lorenz ransomware group – has dumped a sample of the files online.
A new report from the cyber insurance and security services provider Coalition has revealed the most common initial access vectors in ransomware attacks. Compromised credentials for a Citrix panel without multifactor authentication enabled a BlackCat ransomware to breach Change Healthcare’s network in February 2024.
The group is financially motivated and often engages in data theft for extortion, with or without ransomware. FIN11 often deploys CLOP ransomware in its attacks, although it is unclear exactly how many CLOP ransomware attacks FIN11 has conducted. FIN11 also targeted HPH sector organizations during the COVID-19 pandemic.
The emails have an Evernote-themed lure to trick recipients into downloading a Trojan file that generates a login prompt to steal credentials. The link included in the email directs the user to the Evernote site, where they are prompted to download an HTML file – called message (3).html. Evernote Phishing Campaign. Source: HC3.
Cybersecurity breaches such as ransomware have already plagued healthcare organizations prior to the pandemic, and these incidents have increased in intensity and frequency during the pandemic - in many instances, crippling critical infrastructure systems and compromising the integrity of patient records.
Change Healthcare Ransomware is the name of the game. Change Healthcare was the victim of a ransomware attack in February 2024 in which the BlackCat/ALPHV ransomware group exfiltrated 190 million patient records. Ascension Health In another large-scale ransomware attack, Ascension Health was targeted by a Black Basta attack.
More ransomware attacks targeted healthcare in 2022 than any other critical infrastructure sector, according to the FBI’s Internet Crime Complaint Center (IC3). However, there are gaps where more can be done to better protect against ransomware.
In January 2023, NextGen was added to the data leak site of the BlackCat ransomware group, although the listing was later taken down. The incident was investigated and a spokesman for NextGen said no patient data had been exposed or downloaded, and consequently this was not a reportable data breach.
has confirmed that patient data has been compromised in a cyberattack, and the Monti ransomware group has claimed responsibility for a cyberattack on Wayne Memorial Hospital. The hospital has been added to the Monti group’s data leak site, but no data is currently listed for download.
In many cases the devices and wearables used by patients do not transmit data directly to the care-delivery organization, which helps to mitigate against the risk of malware, ransomware or other malicious software. Phishing and ransomware are the most significant security incidents, and a hot target.
Ransomware and phishing continue to be the biggest cybersecurity concerns for healthcare organizations according to the February 2023 Current and Emerging Healthcare Cyber Threat Landscape report from Health-ISAC. Ransomware was the biggest concern for 2022 and 2023 with phishing and spear phishing in second.
Ransomware and information stealing malware were highly prevalent. Amadey has information stealing capabilities and is often used to perform reconnaissance before downloading additional malicious payloads. The RedLine information stealer and the Amadey bot were regularly blocked threats.
While there are many tools and best practices to protect against ransomware, such as ensuring backups are segregated from production, proper incident response, file integrity monitoring, etc., From there, the hackers were able to infect the entire network with ransomware. How did it start?
An unauthorized individual was found to have gained access to its network and downloaded files containing the protected health information of 45,785 patients. Health Plan Member Data Potentially Compromised in Innovative Service Technology Management Services Ransomware Attack.
Devices can be lost or stolen, they may connect to unsecured Wi-Fi networks, and software and applications may have vulnerabilities that can be exploited, resulting in unauthorized network access or the downloading of malware or ransomware. You can access/download the HC3 mobile device security checklist here (PDF).
Phishing is one of the most commonly used initial access vectors in cyberattacks, commonly leading to costly account compromises, data breaches, and ransomware attacks. One-third of working adults were unable to define malware, phishing, and ransomware, and there has been little change in understanding since 2021.
While state-sponsored threat actors continue to target zero-day flaws, especially China-nexus threat actors, ransomware and data extortion groups are increasingly acquiring and utilizing 0days, helped by the rise of commercially available turnkey exploit kits.
Ransomware gangs in particular have seen profits take a nosedive, with ransom payments decreasing by 38% year-over-year as victims refuse to pay up, even when there is the threat of publication of stolen data. In 2022, ransomware attacks were still common, with LockBit and BlackCat the top ransomware families.
Coveware’s Q2, 2021 Quarterly Ransomware Report suggests 42% of ransomware attacks in the quarter saw initial network access gained via phishing emails. ransomware, phishing) and how to respond,” said OCR. Prevention of Phishing. Phishing is one of the commonest ways that cyber actors gain a foothold in healthcare networks.
Threat actors leverage software tools that have already been installed to avoid having to download files via the Internet. Malicious activities can be hidden within the logs alongside legitimate use of these tools, and these tools are used to conduct malicious activities in memory to evade security solutions.
Mulkay Cardiology Consultants at Holy Name Medical Center has recently confirmed that it fell victim to a ransomware attack. Ransomware Gangs Claim Responsibility for Attacks on Healthcare Providers The following healthcare providers have recently been added to the data leak sites of ransomware groups. Summit Health (LockBit 3.0)
TrueBot is a downloader/botnet malware that establishes a connection with its command-and-control server, collects information on compromised systems, and is used for launching more extensive attacks on compromised networks. FIN11 has been using TrueBot malware to deploy Clop ransomware on victims’ networks.