In 2024, the Department of Health and Human Services (HHS) Office for Civil Rights announced a series of enforcement actions against entities that violated, or potentially violated, one or more HIPAA rules. This HIPAA 2024 Year in Review article discusses these actions. Monitor and safeguard its health information systems activity.
Proposed Changes Require Strong Cybersecurity The newly proposed changes to the 2013 HIPAA Security Rule published yesterday in the U.S. Following federal rulemaking procedures, the proposed HIPAA Security Rule from the U.S.
The Health Information Sharing and Analysis Center issued a threat alert Friday about the Russia-backed ransomware group Black Basta, warning of its accelerated attempted attacks against the healthcare sector. However, staff at local Ascension hospitals cannot page doctors.
According to a report from the Office of the Director of National Intelligence, ransomware attacks on healthcare organizations doubled between 2022 and 2023, making the healthcare sector one of the fastest-growing targets for cybercriminals. Then malicious actors can either subscribe to use the ransomware or purchase access outright.
A ransomware group that specializes in "double extortion" has claimed responsibility for a cyberattack on an Oklahoma hospital, HIPAA Journal reported.
On June 25, 2022, a spokesperson for a threat group called DAIXIN Team contacted HIPAA Journal to share information about a ransomware attack and data theft incident at Fitzgibbon Hospital in Marshall, Missouri. DAIXIN Team was previously not known to HIPAA Journal and appears to be a new ransomware group.
Doctors’ Center Hospital in Puerto Rico has recently notified the Department of Health and Human Services’ Office for Civil Rights (OCR) that it has experienced a hacking/IT incident in which the protected health information of 1,195,220 patients has potentially been compromised. Million Patients appeared first on HIPAA Journal.
Ransomware attacks continue to be conducted on healthcare organizations in high numbers but determining the extent to which healthcare organizations are being targeted by ransomware gangs is a challenge. Out of the 24 confirmed attacks on hospitals, data theft occurred in 17 of those attacks (68%).
Family Christian Health Center (FCHC) in Illinois has announced it was the victim of a ransomware attack in November 2021 that compromised the protected health information of 31,000 patients. Patient Data Potentially Compromised in Jackson County Hospital Ransomware Attack.
Healthcare ransomware attacks have at least doubled in the past 5 years, data recovery from backups has decreased, and it is now common for data to be stolen and publicly released following a successful attack, according to a new analysis recently published in the JAMA Health Forum. Out of the 374 confirmed ransomware attacks, only 20.6%
Back in June 2022, HIPAA Journal reported on a cyberattack on Fitzgibbon Hospital in Marshall, MO, after being contacted directly by a spokesperson for a threat group called DAIXIN Team, who claimed responsibility for the attack. Howard Memorial Hospital Announces December 2022 Cyberattack.
In March 2023, Atlantic General Hospital notified the Maine Attorney General that it had fallen victim to a ransomware attack in which the protected health information of 30,704 individuals was exposed; however, the ransomware attack was far more extensive than was previously thought and the total has been upwardly revised to 136,981 individuals.
Cyberattacks are becoming increasingly sophisticated, and many cybercriminals are specifically targeting hospitals and health systems. Regularly Assessed and Exercised Culture is vital to any hospital and health systems business resilience efforts. Healthcare delivery organizations business resilience efforts must evolve accordingly.
Ransomware attacks can cause healthcare facilities to temporarily close and small healthcare practices have made the decision not to reopen after a ransomware attack, but hospitals and health systems are usually financially resilient enough to remediate the attacks and recover, but not St. Margaret’s Hospital – Peru.
Montgomery General Hospital in West Virginia has suffered a cyberattack that saw unauthorized individuals gain access to its IT systems on or around February 28, 2023, and deploy ransomware on or around March 1, 2023. The post Montgomery General Hospital Suffers Ransomware Attack and Data Leak appeared first on HIPAA Journal.
Chris Bowen, Founder and CISO, ClearDATA The recent $50 million initiative announced by the Advanced Research Projects Agency for Health (ARPA-H) can’t hurt in the ongoing battle against ransomware in the healthcare sector. Major organizations like Change Healthcare and Ascension have faced significant disruptions due to these breaches.
According to the breach notification sent to the California Attorney General, Practice Resources was the victim of a ransomware attack on April 12, 2022. Community Memorial Hospital, Inc. Crouse Health Hospital, Inc. Soldiers & Sailors Memorial Hospital—Physician Practices. Achieve Physical Therapy, PC.
Ransomware attacks on hospitals cause major disruption to healthcare operations over several weeks. Ransomware attacks cause disruption to workflows, increase wait times, and slow patient flow, which can increase patient transfers and complication rates and negatively affect patient outcomes.
2023 was a record year, with 114 data breaches of 100,000 or more records reported to The HIPAA Journal. Ransomware attacks make up the bulk of incidents seen today. North America is a particularly popular target for ransomware attacks, having experienced 315 of the healthcare sector’s 379 ransomware attacks last year.
Department of Health and Human Services (HHS) said it will update the HIPAA Security Rule in 2024 and will ask Congress for new laws and resources to increase civil money penalties for HIPAA violations, increase HIPAA enforcement, and conduct proactive audits.
CommonSpirit Health has provided an updated estimate on the cost of its October 2022 ransomware attack, which is expected to increase to $160 million. The ransomware attack was detected by CommonSpirit Health on October 2, 2022, forcing systems to be taken offline. billion, and $25.6 billion for the 9 months to March 31.
Cybersecurity and Infrastructure Agency (CISA) has launched a new pilot program in response to the increase in ransomware attacks on critical infrastructure entities. The program is focused on identifying vulnerabilities in Internet-facing systems that are known to have been exploited by ransomware gangs in previous attacks.
A settlement has been proposed by Scripps Health to resolve a consolidated class action lawsuit – In Re: Scripps Health Data Incident Litigation – to resolve all claims related to its 2021 ransomware attack. The attack caused major disruption at Scripps Health hospitals. The deadline for submitting claims is March 23, 2023.
While it’s amazing to consider two breaches and ransomware incidents the size of Change Healthcare and Ascension could happen so closely together, it’s very clear that healthcare is a target and we need to massively increase our investment in security to show we’ve learned from these experiences.
Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Department of Health and Human Services (HHS), and the Republic of Korea’s Defense Security Agency and National Intelligence Service warning of state-sponsored North Korean (DPRK) ransomware attacks on U.S.
UnitedHealth Group CEO Andrew Witty testified on May 1 before both the House and Senate about the seismic February 21 cyberattack of UHG subsidiary Change Healthcare, which was infiltrated by the ALPHV ransomware gang. The particular ransomware attack made prime and backups inoperable.
ransomware, also known as LockBit Black. The LockBit ransomware group has been in operation since at least September 2019 and is one of the most prolific ransomware groups. LockBit is a ransomware-as-a-service operation that recruits affiliates to conduct attacks in return for a cut of the ransoms they generate.
Requirements to implement HIPAA safeguards appear more often in the text of the Healthcare Insurance Portability and Accountability Act than is often acknowledged. There is also a section relating to the Organization Requirements of the Privacy and Security Rules – both of which include further HIPAA safeguards.
Berlin, Md.-based Atlantic General Hospital agreed to pay a $2.25 million settlement to resolve a data breach lawsuit stemming from a January 2023 ransomware attack against the system, according to The HIPAA Journal.
Ransomware gangs are increasingly skipping file encryption and are concentrating on data theft and extortion, according to a recent report from Palo Alto Networks’ Unit 42 team. In the second half of 2021 and throughout 2022, around 1 in 10 attacks by ransomware gangs did not involve file encryption, only data theft and extortion.
The medical device manufacturer Livanova, the Massachusetts community behavioral health center Aspire Health Alliance, and Santa Rosa Behavioral Healthcare Hospital in California have experienced ransomware attacks that exposed patient data. The LockBit ransomware group claimed responsibility for the attack.
That’s why we were particularly interested in this session at HIMSS 2024 that looked at how to create a HIPAA-Compliant BYOD program which balanced the security needs of a healthcare organization while still meeting the workflow needs of their users. Million in HIPAA fines. Plus, healthcare has up to $1.5
Duncan Regional Hospital. Duncan Regional Hospital in Oklahoma has announced that hackers gained access to its systems and potentially exfiltrated sensitive patient and employee information. The Austin, TX-based cloud hosting and data storage company DataHEALTH has announced it was the victim of a ransomware attack on November 3, 2021.
Over the Labor Day weekend, Oakbend Medical Center in Richmond, TX, suffered a ransomware attack. Daixin Team is a relatively new threat group that is known to attack hospitals. In June 2022, the group conducted an attack on Fitzgibbon Hospital in Missouri and stole and published files containing sensitive patient data.
The LockBit ransomware gang has added Chicago’s Saint Anthony Hospital to its data leak site and is demanding a ransom payment of almost $900,000 from the nonprofit hospital to prevent the release of the stolen data. The LockBit group has previously claimed that it prohibits affiliates from attacking hospitals.
It has been another bad year for healthcare data breaches, with some of the biggest HIPAA breaches of 2022 resulting in the impermissible disclosure of well over a million records. The Biggest HIPAA Breaches of 2022. The 12 biggest HIPAA breaches of 2022 affected almost 22.66 OneTouch Point – Ransomware Attack Involving 4.11
A recent study has confirmed that healthcare cyberattacks not only cause disruption at the organization that experiences an attack but also at emergency departments at neighboring hospitals, where patients face longer wait times due to increased patient numbers which place a strain on resources. increase in mean ambulance arrivals, a 6.7%
New York Presbyterian Hospital has reported a 54K-record data breach due to website tracking tools, ransomware attacks have been reported by Atlantic Dialysis Management Services and American Pain & Wellness, and there has been an impermissible disclosure of PHI by a former New Medical Health Care employee.
Here’s a roundup of recent HIPAA breach lawsuits and settlements. Lawsuits Increasing Following HIPAA Breaches – Facts and Figures. 35% of healthcare breaches involved ransomware attacks, vs. 20% in 2020. The average ransomware payment for healthcare was $875,784, about one-third less than the 2020 payment.
The Hive ransomware-as-a-service (RaaS) operation first emerged in June 2021 and has aggressively targeted the health and public health sector (HPH) and continues to do so. The attacks put patient safety at risk and have forced hospitals to divert ambulances, cancel surgeries, postpone appointments, and close urgent care units.
Des Plaines, IL-based Lutheran Social Services of Illinois, one of the largest providers of social services in the state, has announced that its systems were compromised and ransomware was used to encrypt files. This coincides with the 60-day reporting deadline of the HIPAA Breach Notification Rule.
CommonSpirit Health has confirmed that the protected health information of at least 623,774 patients was exposed and potentially stolen in its October 2022 ransomware attack. Michael Medical Center (formerly Harrison Hospital), St. Anne Hospital (formerly Highline Hospital), St. Anthony Hospital, St.
The Pennsylvania-based business administration service provider, Onix Group, was the victim of a ransomware attack on March 27, 2023. The review of the files confirmed they contained the data of patients of healthcare clients Addiction Recovery Systems, Cadia Healthcare, Physician’s Mobile X-Ray, and Onix Hospitality Group.
As the dust settles on 2020, it’s become clear that this was an unbelievably bad year for healthcare ransomware attacks. In fact, it was a year that cost organizations $20.8 billion in ransomware expenses, according to a new estimate. Worse, there is no future relief in sight.