Compliancy Group

SEPTEMBER 27, 2024

With Cybersecurity Awareness Month looming, data security should be top of mind for any organization that handles sensitive information. This is further highlighted by the announcement of the most recent Office for Civil Rights (OCR) settlement involving a ransomware incident.

Ransomware 52

Ransomware HIPAA Compliance 52

HIPAA Journal

JANUARY 11, 2023

Healthcare ransomware attacks have at least doubled in the past 5 years, data recovery from backups has decreased, and it is now common for data to be stolen and publicly released following a successful attack, according to a new analysis recently published in the JAMA Health Forum. Out of the 374 confirmed ransomware attacks, only 20.6%

Ransomware 134

Ransomware HIPAA Hospitals 134

HIPAA Journal

APRIL 22, 2024

At this stage, Octapharma has yet to provide any further details about the attack, such as whether ransomware was used to encrypt files, and said further information will be released as the investigation progresses. BlackSuit is a relatively new ransomware operation that was discovered in May 2023.

Ransomware 115

Ransomware HIPAA Public Health Governance 115

HIPAA Journal

JUNE 29, 2022

On June 25, 2022, a spokesperson for a threat group called DAIXIN Team contacted HIPAA Journal to share information about a ransomware attack and data theft incident at Fitzgibbon Hospital in Marshall, Missouri. DAIXIN Team was previously not known to HIPAA Journal and appears to be a new ransomware group.

Ransomware 138

Ransomware Hospitals HIPAA Health Insurance 138

HIT Consultant

AUGUST 29, 2024

Chris Bowen, Founder and CISO, ClearDATA The recent $50 million initiative announced by the Advanced Research Projects Agency for Health (ARPA-H) can’t hurt in the ongoing battle against ransomware in the healthcare sector. About Chris Bowen Chris is the Founder and Chief Information Security Officer at ClearDATA.

Ransomware 110

Ransomware Hospitals Compliance Health Insurance 110

Compliancy Group

APRIL 4, 2023

One such case is the Community Health Systems (CHS) C10P Ransomware attack, which affected millions of patients and resulted in a multistate HIPAA settlement. ​​No No one is protected from HIPAA violation double jeopardy. What is Ransomware? Become HIPAA Compliant × Get HIPAA Compliant! Find Out More!

Ransomware 52

Ransomware HIPAA Compliance 52

Healthcare IT Today

DECEMBER 22, 2023

Department of Health and Human Services (HHS) said it will update the HIPAA Security Rule in 2024 and will ask Congress for new laws and resources to increase civil money penalties for HIPAA violations, increase HIPAA enforcement, and conduct proactive audits.

HIPAA 121

HIPAA Ransomware Compliance Hospitals 121

HIPAA Journal

MARCH 10, 2023

Codman Square Health Center in Boston, MA, has confirmed that it was the victim of a ransomware attack in November 2022 in which hackers gained access to the protected health information of 10,161 current and former patients. The post Ransomware Attack Announced by Codman Square Health Center appeared first on HIPAA Journal.

Ransomware 132

Ransomware HIPAA 132

HIPAA Journal

APRIL 30, 2024

The medical device manufacturer Livanova, the Massachusetts community behavioral health center Aspire Health Alliance, and Santa Rosa Behavioral Healthcare Hospital in California have experienced ransomware attacks that exposed patient data. The LockBit ransomware group claimed responsibility for the attack.

Ransomware 109

Ransomware Licensing Health Insurance HIPAA 109

Compliancy Group

FEBRUARY 23, 2024

The HHS settlement, resulting from an investigation into a 2019 ransomware attack, requires the behavioral health provider to pay $40,000, implement a corrective action plan, and submit to three years of OCR monitoring. In October 2023, HHS settled its first ransomware investigation with a business associate for $100,000.

Ransomware 52

Ransomware HIPAA Compliance 52

HIPAA Journal

DECEMBER 5, 2022

The Cuba ransomware group has increased attacks in the United States, with attacks doubling since December 2021, and ransom payments are also on the rise. According to CISA and the FBI, there are similarities between the infrastructure used by the Cuba ransomware operation and the RomCom RAT and Industrial Spy ransomware actors.

Ransomware 132

Ransomware Public Health HIPAA Governance 132

HIPAA Journal

NOVEMBER 23, 2022

Doctors’ Center Hospital in Puerto Rico has recently notified the Department of Health and Human Services’ Office for Civil Rights (OCR) that it has experienced a hacking/IT incident in which the protected health information of 1,195,220 patients has potentially been compromised. Million Patients appeared first on HIPAA Journal.

Ransomware 140

Ransomware Hospitals Doctors HIPAA 140

HIPAA Journal

DECEMBER 8, 2022

The New York ambulance service, Empress EMS, is facing multiple class action lawsuits over a ransomware attack that was detected on July 14, 2022. The Hive ransomware group was behind the attack, and as per the group’s modus operandi , after gaining access to the network, sensitive files were stolen, then files were encrypted.

Ransomware 121

Ransomware HIPAA Fraud 121

HIPAA Journal

MARCH 29, 2024

It has been more than 5 weeks since Change Healthcare suffered a Blackcat ransomware attack. While it is currently unclear what types of data were stolen in the attack, UnitedHealth Group said personally identifiable health information, eligibility and claims information, and financial information are likely to have been compromised.

Ransomware 99

Ransomware US Department of Health and Human Services HIPAA Hospitals 99

HIPAA Journal

AUGUST 29, 2022

EmergeOrtho, a North Carolina orthopedic practice, has recently notified 75,200 patients that some of their protected health information has been accessed by unauthorized individuals. According to EmergeOrtho’s substitute breach notice, a sophisticated ransomware attack was detected and blocked on May 18, 2022.

Ransomware 132

Ransomware HIPAA 132

HIPAA Journal

APRIL 26, 2023

Ransomware actors continue to target the U.S. The most commonly detected malware were droppers, downloaders, remote access tools (RATs), and ransomware. Emotet is capable of self-propagation and lateral movement and is used to deliver malware and ransomware payloads.

Ransomware 125

Ransomware HIPAA Hospitals 125

HIPAA Journal

JULY 4, 2022

According to the company’s substitute breach notice, a sophisticated ransomware attack was detected and blocked on February 26, 2022; however, not in time to prevent some of its computer systems from being disabled. Third-party forensics specialists were engaged to investigate the breach and provide assistance with securing its environment.

Ransomware 139

Ransomware HIPAA Health Insurance Governance 139

HIPAA Journal

MAY 23, 2024

A Texas ophthalmology practice has experienced a ransomware attack that resulted in the encryption of files on its computer systems. The attack affected Victoria Surgery Center, Victoria Eye Center , and Victoria Vision Center and involved the personal and protected health information of 80,122 individuals.

Ransomware 91

Ransomware Licensing HIPAA 91

HIPAA Journal

DECEMBER 9, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health (HPH) sector about Royal ransomware attacks. Royal ransomware is a new ransomware threat that was first observed being used in attacks in September 2022. Both will prevent files from being opened.

Ransomware 133

Ransomware HIPAA Public Health 133

HIPAA Journal

MAY 25, 2023

CommonSpirit Health has provided an updated estimate on the cost of its October 2022 ransomware attack, which is expected to increase to $160 million. The ransomware attack was detected by CommonSpirit Health on October 2, 2022, forcing systems to be taken offline. The lawsuit was filed in December 2022 in the U.S.

Ransomware 129

Ransomware HIPAA Hospitals 129

HIPAA Journal

JUNE 27, 2023

In March 2023, Atlantic General Hospital notified the Maine Attorney General that it had fallen victim to a ransomware attack in which the protected health information of 30,704 individuals was exposed; however, the ransomware attack was far more extensive than was previously thought and the total has been upwardly revised to 136,981 individuals.

Ransomware 117

Ransomware Hospitals Health Insurance HIPAA 117

HIPAA Journal

MAY 25, 2022

Social Action Community Health System (SAC Health) has recently notified 149,940 patients that documents containing their protected health information were stolen in a break-in at an off-site storage location where patient records were stored. Bryan County Ambulance Authority Ransomware Attack Affects 14,000 Patients.

Ransomware 138

Ransomware Fraud HIPAA Licensing 138

HIPAA Journal

SEPTEMBER 12, 2023

Seymour, IN-based Schneck Medical Center has settled a lawsuit with the Indiana attorney general, Todd Rokita, over a 2021 ransomware attack and data breach that affected 89,707 Indiana residents. Schneck Medical Center Compensates Patients for Losses Schneck Medical Center has also recently settled a consolidated class action lawsuit for $1.3

HIPAA 105

HIPAA Ransomware Health Insurance Fraud 105

HIPAA Journal

JUNE 13, 2022

Yuma Regional Medical Center (YRMC) in Arizona has announced it was the victim of a ransomware attack in April in which the attackers obtained the protected health information of approximately 700,000 current and former patients. Ransomware attacks often result in the exposure of stolen data if the ransom is not paid.

Ransomware 136

Ransomware Electronic Medical Records HIPAA Health Insurance 136

HIPAA Journal

JANUARY 3, 2023

Ransomware attacks continue to be conducted on healthcare organizations in high numbers but determining the extent to which healthcare organizations are being targeted by ransomware gangs is a challenge. The decision whether or not to encrypt appears to be taken on an attack-by-attack basis.

Ransomware 129

Ransomware Hospitals HIPAA Governance 129

HIPAA Journal

NOVEMBER 10, 2022

The Health Sector Cybersecurity Coordination Center (HC3) has recently shared details of the tactics, techniques, and procedures associated with Venus ransomware attacks, and has made several recommendations on mitigations that healthcare organizations can implement to improve their defenses against attacks.

Ransomware 121

Ransomware HIPAA 121

HIPAA Journal

MARCH 15, 2023

Cybersecurity and Infrastructure Agency (CISA) has launched a new pilot program in response to the increase in ransomware attacks on critical infrastructure entities. The program is focused on identifying vulnerabilities in Internet-facing systems that are known to have been exploited by ransomware gangs in previous attacks.

Ransomware 112

Ransomware Governance HIPAA Hospitals 112

Healthcare IT Today

MAY 16, 2024

While it’s amazing to consider two breaches and ransomware incidents the size of Change Healthcare and Ascension could happen so closely together, it’s very clear that healthcare is a target and we need to massively increase our investment in security to show we’ve learned from these experiences.

Ransomware 117

Ransomware US Department of Health and Human Services Hospitals Compliance 117

HIPAA Journal

MARCH 1, 2022

Ransomware attacks have recently been reported by four healthcare providers across the country, which have collectively resulted in the exposure and potential theft of the protected health information of more than 49,000 individuals. Jax Spine & Pain Centers. Augustine locations prior to May 2018. Extend Fertility.

Ransomware 145

Ransomware Licensing HIPAA Health Insurance 145

HIPAA Journal

DECEMBER 30, 2022

A settlement has been proposed by Scripps Health to resolve a consolidated class action lawsuit – In Re: Scripps Health Data Incident Litigation – to resolve all claims related to its 2021 ransomware attack. The ransomware attack has proven to be incredibly costly for Scripps Health.

Ransomware 129

Ransomware HIPAA Licensing Doctors 129

HIPAA Journal

DECEMBER 15, 2022

It has now been confirmed that HMS suffered a ransomware attack on October 8, 2022. The information exposed and potentially stolen in the attack included names, addresses, birth dates, phone numbers, Social Security numbers, Medicare beneficiary identifiers, banking information, and Medicare entitlement, enrollment, and premium information.

Ransomware 121

Ransomware Medicare Medicare HIPAA 121

HIPAA Journal

NOVEMBER 23, 2022

The Rochester Hills, MI-based prosthetics, orthotics, and accessibility solution provider, Wright & Filippis, has recently announced that it was the victim of a ransomware attack on its network. The post 877,500 Individuals Affected by Ransomware Attack on Prosthetics & Orthotics Provider appeared first on HIPAA Journal.

Ransomware 126

Ransomware Fraud Licensing HIPAA 126

HIPAA Journal

MARCH 16, 2023

The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence information about the Black Basta ransomware group to help network defenders prevent and rapidly detect attacks in progress. The Black Basta group was first identified in April 2022 and is known to conduct ransomware and extortion attacks.

Ransomware 120

Ransomware HIPAA Governance 120

HIPAA Journal

AUGUST 3, 2022

The health insurer Aetna ACE is one of the latest healthcare organizations to announce it has been affected by a ransomware attack on a mailing vendor, which involved the protected health information of 326,278 plan members. The ransomware attack affected OneTouchPoint, which provides printing and mailing services for U.S.

Ransomware 143

Ransomware HIPAA Health Insurance 143

HIPAA Journal

JUNE 23, 2023

Ransomware attacks on hospitals cause major disruption to healthcare operations over several weeks. Ransomware attacks cause disruption to workflows, increase wait times, and slow patient flow, which can increase patient transfers and complication rates and negatively affect patient outcomes.

Ransomware 123

Ransomware Hospitals HIPAA 123

HIPAA Journal

MARCH 21, 2023

A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) about LockBit 3.0 ransomware, also known as LockBit Black. Ransomware appeared first on HIPAA Journal.

Ransomware 115

Ransomware Hospitals HIPAA 115

HIPAA Journal

APRIL 8, 2024

The Medusa ransomware group has leaked data stolen from American Renal Associates. American Renal Associates American Renal Associates (ARA), one of the largest providers of dialysis services in the United States and a provider of care for patients suffering from end-stage renal disease has experienced a Medusa ransomware attack.

Ransomware 84

Ransomware Health Insurance Licensing HIPAA 84