Ohio DNA Testing Company Alerts 2.1 Million People Concerning Breach of Personal Data

A DNA testing firm based in Ohio has recently announced a hacking incident that compromised the sensitive information of 2,102,436 people. DNA Diagnostics Center (DDC) stated that it discovered suspicious network activity on August 6, 2021, and confirmed that unauthorized persons accessed and obtained data files from an archived database between May 24, 2021 and July 28, 2021.

Based on the data breach investigation, the attackers exfiltrated files that contained complete names, financial account numbers, debit/credit card numbers and CVV codes, platform account passwords, and Social Security numbers. The firm stated genetic testing information was kept on another system not accessible to the hackers. No information connected to its current operations had been exfiltrated during the cyberattack.

The database included backups created from 2004 to 2012 that were associated with a national genetic testing firm that DDC acquired in 2012. DDC stated that the legacy system accessed by the hackers was never used in DDC’s operations and has been inactive since 2012. DDC didn’t share the identity of the genetic testing firm that gathered the information. It is probable that the people impacted by the data breach are not aware that DDC was keeping their personal data.

DDC explained that files were copied from its systems and that it is collaborating with third-party cybersecurity specialists to get back the stolen information and ensure the attackers don’t make any more disclosures. No ransomware was involved in the attack, but it appears that the attackers want payment to delete the information.

DDC mentioned that it is not aware of any actual or attempted patient data misuse; however, as a preventative measure against identity theft and fraud, it is offering affected persons one year of credit monitoring and identity theft protection services via Experian.

Breach notification letters were mailed to affected persons according to state regulations. DDC affirmed that the incident is not a reportable breach as per the Health Insurance Portability and Accountability Act (HIPAA).

33,000 Patients Affected by Ransomware Attack at Nationwide Laboratory Services

Nationwide Laboratory Services, based in Boca Raton, FL, which Quest Diagnostics acquired last summer, encountered a ransomware attack at the beginning of 2021.

Nationwide Laboratory Services discovered a systems breach on May 19, 2021. Ransomware encrypted files throughout its system and prevented access to them. Steps were promptly taken to contain the ransomware attack. A third-party cybersecurity company helped with the investigation of the incident and the remediation work.

The forensic investigation affirmed on August 31, 2021, that the attackers acquired access to parts of its system that stored patients’ protected health information (PHI), and possibly accessed data including names, birth dates, laboratory test results, Medicare numbers, medical record numbers, and medical insurance data. The Social Security numbers of some persons impacted were exposed. The types of data exposed in the attack differed from one patient to another.

Nationwide Laboratory Services submitted the breach report to the Department of Health and Human Services’ Office for Civil Rights indicating that the PHI of approximately 33,437 people was likely exposed.

Nationwide Laboratory Services stated it’s likely that the hackers exfiltrated a minimal quantity of files from its system before using the ransomware to encrypt files; however, there is no proof uncovered to suggest that patient information was or will be utilized for any unauthorized uses. As a safety measure, impacted people are being urged to examine their accounts and explanation of benefits statements for indications of fraudulent transactions.

Nationwide Laboratory Services provided a year of free credit monitoring services to people who had their Social Security numbers located on the impacted systems.

The FBI recently issued a private industry alert regarding ransomware actors that attack companies engaged in big financial events such as mergers and acquisitions and use exfiltrated information to exploit and extort cash from victims. There were a number of instances where the hackers issued threats to publish sensitive and possibly harmful data to negatively impact stock prices and compel the victims to pay the ransom.

Lavaca Medical Center and Throckmorton County Memorial Hospital Report Security Breaches

A critical access hospital in Hallettsville, TX, Lavaca Medical Center, has started sending notifications to 48,705 patients regarding a security breach by which their protected health information (PHI) was exposed.

Lavaca Medical Center stated it discovered strange activity in its computer network on August 22, 2021, suggesting a possible cyberattack. The healthcare provider took immediate steps to protect its system and engaged a third-party computer forensics company to assist with the investigation. The forensic investigators affirmed unauthorized people got access to the network between August 17 and August 21.

Although there was no proof of data theft uncovered, the chance that patient information was viewed or exfiltrated couldn’t be ruled out. Breached systems contained information such as names, dates of birth, Social Security numbers, patient account numbers, and medical record numbers. The hackers were not able to access the electronic medical record system.

According to Lavaca Medical Center, it has no reason to believe any patient information was taken from its systems or misused; nevertheless, the HIPAA Breach Notification Rule requires the sending of notification letters to affected persons. As a preventative measure, impacted people were provided credit monitoring and identity theft protection services at no cost.

Network monitoring tools have already been improved, and its systems will be routinely checked for unauthorized activity.

Malware Infection Discovered by Throckmorton County Memorial Hospital

Texas-based Throckmorton County Memorial Hospital has discovered that unauthorized persons acquired access to sections of its computer system that held the personal records of 3,136 workers and patients.

The attack was discovered on September 7, 2021. It involved unauthorized access to systems and the installation of malware. According to the forensic team, its network was compromised on August 25, 2021, and systems access remained possible until September 7.

An audit of the impacted systems established they included patient data like first and last name, date of birth, address, gender, date(s) of service, diagnoses, current procedural terminology code, ailment, medicine, and particulars of hospital consultations. Worker data possibly compromised included name, salary history, Social Security number, payroll data, and filing details.

Throckmorton County Memorial Hospital mentioned that affected people have been given a complimentary credit monitoring service membership and will be covered by an identity theft and fraud insurance plan. Notifications concerning the security breach were delayed to allow time for the removal of malware and the improvement of security, as issuing earlier notifications would have left its system exposed to other threat actors.

FIN12 Ransomware Group Actively Attacks the Healthcare Industry

Ransomware is presently the major cyber threat confronting the healthcare sector. Attacks usually disrupt healthcare IT systems for many weeks or months, making medical records inaccessible. One Ponemon Institute/Censinet study reveals that attacks cause treatment delays, more complications, poorer patient outcomes, and a rise in mortality rates.

A number of ransomware groups have publicly stated that they will cease to target the healthcare sector; however, that is not the case with FIN12. Based on a newly published report by Mandiant, 20% of the attacks performed by the ransomware group were on the healthcare sector.

FIN12 is a high-profile ransomware group that attacks big game targets. Nearly all FIN12 victims have annual revenues of over $300 million, with an average of roughly $6 billion. FIN12 has been active since 2018 and has mostly attacked North America. The group has lately expanded geographically and now also attacks the Asia Pacific and Europe. The most often targeted sectors are healthcare, financial, education, technology, and manufacturing.

Mandiant states that FIN12 is the most prolific ransomware actor it monitors. It is behind approximately 20% of all ransomware attacks the firm responds to, making it the most active ransomware deployment actor.

It is not clear why FIN12 attacks the healthcare sector when other ransomware-as-a-service operations do not. Mandiant thinks that because healthcare providers need to quickly regain access to patient information, they are more likely to pay the ransom quickly. In other sectors, negotiations with victims may last for weeks.

Mandiant is convinced that FIN12 is a professional ransomware deployment actor that relies on initial access brokers (IABs). IABs usually get a percentage of any ransom payments generated, though certain ransomware operations pay a flat rate. Mandiant has found evidence that FIN12 usually gives 30-35% of the ransom to the IAB.

TrickBot is one of the IABs widely used by FIN12. It is a botnet operation that offers persistent access to the networks of victims. The group has additionally partnered with the BazarLoader operation and has lately bought credentials to be able to log in to Citrix systems. FIN12 normally deploys Ryuk ransomware, which can spread throughout a network, corrupting and encrypting information on several systems.

Unlike many ransomware actors that spend weeks within a victim's network prior to deploying ransomware, FIN12 attacks quickly, with an average time-to-ransom (TTR) of less than 4 days. The group seems to be putting speed first in its attacks, and the TTR is decreasing. A few of the recent attacks had a TTR of 2.5 days. These efficiency gains are enabled by the group's specialization in just one stage of the attack lifecycle, which allows threat actors to build expertise faster, explains Mandiant.

Mandiant states that the gang stands out from other ransomware actors because it rarely engages in multifaceted extortion. It is currently very common for information to be exfiltrated before ransomware deployment and for threat actors to threaten to post the stolen information when victims don’t pay. Mandiant says the choice not to engage in data theft is probably because of the impact it may have on the TTR. When FIN12 exfiltrated information, the attack’s TTR was approximately 12.5 days.

Although victims might be more likely to pay the ransom because of the threat of data exposure, there is also a greater risk of detection before file encryption. The apparent success of FIN12 without using extra extortion methods suggests that the group doesn’t think spending more time to steal information is worth the risk of having its plans thwarted.

Alabama Hospital Faces Lawsuit After a Ransomware Attack Led to a Baby’s Death

An Alabama hospital is facing a medical malpractice lawsuit because crucial data that could have averted the death of a baby was allegedly not accessible as a result of a ransomware attack.

Springhill Medical Center, located in Mobile, AL, encountered a ransomware attack in 2019 that resulted in extensive file encryption and a serious IT system outage. The healthcare provider had to take its computer systems offline for 8 days. During this downtime, the hospital still provided patient care, with the hospital staff following the hospital’s emergency practices. Without access to computer systems, the staff recorded patient data on paper charts. Springhill Medical Center released a report regarding the incident and stated it had no effect on patient care.

Teiranni Kidd went to the hospital to give birth to her baby at the time of the system downtime. She gave birth on July 17, 2019. Unfortunately, the umbilical cord was wrapped around the baby's neck, leading to serious brain damage. After the birth, Kidd’s daughter Nicko was moved to a neonatal intensive care unit. Because of the brain damage, Nicko needed feeding through a gastrointestinal tube, constant oxygen supplementation, and 24/7 medical care. On April 16, 2020, Nicko passed away, 9 months after she was born.

In January 2020, Teiranni Kidd filed a lawsuit in the Circuit Court of Mobile County, AL. The lawsuit claims the hospital did not notify the plaintiff regarding the ransomware attack and system outage. If the hospital had done so, Kidd would have decided to go to another hospital to give birth.

The lawsuit states that doctors and nurses at Springhill Medical Center did not perform several tests before the birth that would have shown the problem of the umbilical cord being wrapped around the baby’s neck. Those tests were not done because of the problems brought about by the ransomware attack.

The lawsuit claims that a wireless tracker used to locate medical staff was not operational, patient medical records were unavailable, and electronic systems that provided fetal tracing data were likewise not functioning. The lawsuit states that the nurses’ station did not have the patient data and that the only fetal monitoring data used was a paper report located at the patient’s bedside in the delivery room.

Consequently, the number of healthcare workers who would typically watch [the plaintiff’s] labor and delivery were considerably less and essential safety-critical layers of redundancy were lacking. The lawsuit, hence, claims medical malpractice and wrongful death.

Defendant Springhill Memorial Hospital conspiratorially hid, covered up, and did not make known critical patient safety-related facts, and additionally created an incorrect, misleading, and deceitful narrative regarding the July 2019 cyberattack by intentionally not disclosing crucial factual information.

The lawsuit claims that as a proximate outcome of the non-disclosure of the cyberattack and systems outage, the baby sustained personal injuries and general damages, which include permanent injury causing her death. The hospital did not confess to any wrongdoing.

After a ransomware attack, hospitals still offer medical services to patients. They follow their emergency practices, use paper charts for recording patient information, and carry out normally automated processes manually. Most emergency patients are taken to alternate facilities as a safety measure while systems are recovered and access to health records is restored.

This is the first report of a patient’s death allegedly caused by a ransomware attack, though it’s not the only cyberattack to have put patient safety at risk. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a report stating that during the pandemic, ransomware attacks had a negative impact on patient care and outcomes.

Additionally, Ponemon Institute conducted a recent survey on behalf of cybersecurity risk management company Censinet that revealed ransomware attacks led to longer patient stays in hospital, slowdowns in testing, and greater medical complications. The survey also showed that 22% of respondents believed that patient mortality increased after a ransomware attack.

PHI of 29,000 Patients Possibly Exposed Due to a Ransomware Attack at McAllen Surgical Specialty Center

McAllen Surgical Specialty Center in Texas has begun informing patients regarding a ransomware attack, which was discovered on May 14, 2021.

Independent computer forensics experts investigated the breach to determine the nature and extent of the cyberattack. The investigators confirmed that unauthorized persons had acquired access to some computers and servers on May 12, 2021 and used ransomware. The unauthorized network access was stopped on May 14.

A detailed evaluation was performed to find out which servers and computers were impacted, and which were possibly accessed by the attackers. On July 22, it was confirmed that patient information was possibly compromised during the attack.

The impacted computers and servers held a variety of patient data, with the types of compromised information differing from one patient to another. Information possibly impacted includes names, Social Security numbers, addresses, dates of service, medical insurance data, provider names, medical record numbers, and patient numbers.

No evidence of data theft was discovered, and McAllen Surgical stated in its substitute breach notice on September 20, 2021 that it is not aware of any occurrences of actual or attempted patient data misuse; nonetheless, impacted employees and patients were instructed to be cautious and monitor their accounts and explanation of benefits statements for indications of fraudulent activity. The healthcare provider started to mail notifications to impacted individuals on September 20, 2021.

McAllen Surgical stated it is going to review and improve its current policies and procedures to avoid more privacy breaches. It has already reported the ransomware attack to the Department of Health and Human Services’ Office for Civil Rights indicating that 29,227 persons were affected.

Ransomware Gangs Attack Missouri Delta Medical Center and Barlow Respiratory Hospital

Barlow Respiratory Hospital, based in Los Angeles, CA, has disclosed that it experienced a ransomware attack on August 27, 2021. The Vice Society ransomware gang conducted the attack and acquired access to its network, including the electronic medical record system. Prior to using ransomware to encrypt data, the gang exfiltrated patient information, some of which was published on the ransomware gang’s dark web data leak site.

Barlow Respiratory Hospital stated that while the attack affected a number of IT systems, the healthcare provider was able to keep operating under its emergency guidelines and patient care was not disrupted.

Upon discovery of the security breach, law enforcement agencies were notified and a third-party cybersecurity company was called in to assist the investigation and find out the magnitude of the data breach. The attack investigation is still ongoing.

While several ransomware operations have said they are not going to target healthcare organizations, Vice Society doesn’t fall into that category. The ransomware operation emerged in June 2021 and has already attacked a number of healthcare organizations, such as Eskenazi Health in Indianapolis. The ransomware gang has been exploiting new security vulnerabilities, such as the Windows PrintNightmare flaws.

A spokesperson for Barlow Respiratory Hospital stated they will carry on and work with law enforcement to support the investigation. Also, they are working earnestly, with the help of a cybersecurity firm, to evaluate what data may have been exposed in the incident. If required, they will inform the people whose records may have been impacted, according to applicable rules and regulations, eventually.

Missouri Delta Medical Center Encounters Hive Ransomware Attack

The protected health information (PHI) of patients of Missouri Delta Medical Center, located in Sikeston, MO, was stolen in a ransomware attack carried out by the Hive ransomware gang. At the start of this month, a portion of the stolen records was published on the ransomware gang’s data leak website to pressure the medical center into paying the ransom. The Hive ransomware gang has attacked several healthcare organizations in the last few weeks, such as Memorial Health System.

Missouri Delta Medical Center hired the services of a top-rated forensic security company to investigate the attack and determine the nature and extent of the breach. The medical center was eventually informed by a third party that certain patient information was stolen and posted on the internet. Based on the posting on the Hive gang’s data leak webpage, the names, phone numbers, addresses, dates of birth, sex/race, Social Security numbers, next of kin data, diagnoses, and financial data of 95,000 persons were stolen in the attack. That information was included in 400 GB of files that were exfiltrated prior to file encryption.

Missouri Delta Medical Center stated that the attack did not affect its ability to provide care to patients. The cyberattack investigation is in progress; however, at this point it appears that the attack did not impact its electronic medical record system.

Missouri Delta Medical Center apologizes for any inconvenience this incident may have caused and is taking action to increase security and decrease the risk of a similar incident happening in the future. The medical center remains focused on continuing to serve the community.

Ransomware Attack on Desert Wells Family Medicine Results in Permanent Loss of EHR Information

Desert Wells Family Medicine based in Queen Creek, AZ has begun sending notifications to 35,000 patients regarding the compromise of their protected health information (PHI) in a recent ransomware attack. The attack happened on May 21, 2021 and caused the encryption of information, which includes its electronic health record (EHR) system.

All information was backed up before the ransomware attack, but besides encrypting records, the attacker corrupted backup files and so all records contained in its EHR system prior to May 21 cannot be retrieved. The types of data in the system, which the hackers might have obtained in the incident included patient names, dates of birth, addresses, billing account numbers, Social Security numbers, treatment data, and medical record numbers.

Desert Wells stated it did not find any information that suggests any attempted or actual patient information misuse, and the third-party computer forensics specialists did not get any evidence concerning the exfiltration of patient data before file encryption, although it was not possible to eliminate data theft with a high degree of confidence. As a result, Desert Wells decided to provide affected patients complimentary identity theft protection and credit monitoring services.

Upon finding out about the degree of the damage, Desert Wells engaged more forensics and recovery services to try and retrieve the information. Sadly, these initiatives up to now have been unsuccessful and patient electronic information prior to May 21, 2021, cannot be recovered, reported Daniel Hoag, MD, Desert Wells’ family medicine physician.

Desert Wells is building a new EHR system and is trying to populate patient records with information taken from other sources, such as hospitals, laboratories, pharmacies, and medical imaging centers; nevertheless, it is probable that some patient data has been permanently lost.

Hoag said this is a distressing situation and sincerely apologized for any problems it may cause. Many healthcare providers in the community, and around the country, have been impacted by cybersecurity incidents. Desert Wells is therefore moving forward with its efforts to improve the security of its system and the information entrusted to it, such as employing enhanced endpoint detection and round-the-clock threat monitoring, and providing extra training and education to employees.

PHI of 9,800 Atlanta Allergy & Asthma Patients Exposed in Cyberattack

Atlanta Allergy & Asthma has commenced informing 9,851 patients concerning a January 2021 cyberattack wherein their protected health information (PHI) was exposed and likely breached. Atlanta Allergy & Asthma reported its investigation into the incident confirmed that hackers got access to its system between January 5 and January 13, 2021. Upon finding out about the breach, the provider took action promptly to remove the unauthorized people from its network and offset any probable harm.

Atlanta Allergy & Asthma employed third-party cybersecurity specialists to find out the nature and magnitude of the breach, with the investigation establishing that the attackers acquired access to segments of the network where documents were kept that included PHI.

A detailed analysis was performed of those documents. Atlanta Allergy & Asthma stated it was established on July 8, 2021 that these types of information were potentially compromised: Names, dates of birth, financial account numbers and/or routing numbers, Social Security numbers, diagnoses, treatment data and costs, procedure types, treatment site, dates of service, provider names, patient account numbers and/or health insurance details.

Atlanta Allergy & Asthma stated that it is not aware of any attempted or actual patient data misuse due to the breach. Commencing on August 20, 2021, the provider sent notification letters to the impacted persons to alert them to the exposure of their patient records so that they can take action to protect against identity theft and fraud, such as obtaining the credit monitoring and identity protection services that are being provided cost-free to affected patients.

Atlanta Allergy & Asthma mentioned it consistently measures its cybersecurity strategies and internal controls and is going to be taking action to boost the security and privacy of patient records.

Atlanta Allergy & Asthma’s breach notification letter did not reveal the particular nature of the cyberattack; nonetheless, DataBreaches.net received information that this was a ransomware attack conducted by the Nefilim ransomware threat group and that sensitive files were stolen in the attack. Some of the stolen information comprised patient data, and 2GB of stolen records were posted on the Nefilim data leak webpage in March 2021.

48,000 People Impacted by CarePointe ENT Ransomware Attack

CarePointe ENT, an ear, nose, and throat specialist based in Merrillville, IN, has reported that it encountered a ransomware attack on June 25, 2021 and that files on its network were encrypted. A number of the encrypted files are known to contain the personal data and protected health information (PHI) of its patients.

It is typical in ransomware attacks for sensitive data to be exfiltrated before ransomware is used to encrypt data files. The primary reason for data exfiltration is to pressure victims into paying the ransom. CarePointe stated that it is convinced the attackers’ only goal was to extort cash from the practice, and not to acquire patient information. No reports were received that indicate the misuse of any patient information due to the cyberattack, though after carefully looking into the attack it wasn’t possible to exclude the possibility that the attackers viewed patient information.

CarePointe mentioned that it has taken the appropriate steps to minimize the likelihood of more cyberattacks, with the extra measures put in place including better threat detection capabilities and limits on remote systems access. Impacted patients were advised to get a free credit report and to examine the report for indications of improper use of their personal data and PHI, and additionally to consider placing a fraud alert on their credit accounts.

An analysis of the systems which the attackers accessed confirmed that these types of patient information might have been exposed: Name, birth date, address, Social Security number (if given to CarePointe), health insurance data, and related health data.

CarePointe reported the ransomware attack to the Department of Health and Human Services’ Office for Civil Rights indicating that around 48,742 people were affected.

12,000 Patients Affected by Revere Health Phishing Attack

The U.S. Agency for International Development (USAID) was impersonated in a phishing attack that led to the compromise of the protected health information (PHI) of around 12,000 patients of Utah healthcare provider Revere Health. The phishing attack was quickly discovered by the Revere Health IT staff, which promptly secured the mailbox to block unauthorized access. As per a breach notice posted by Revere Health, the mailbox was breached for only about 45 minutes on June 21, 2021.

An investigation of the incident was started to find out if any data in the email account was read or copied. Although it wasn’t possible to ascertain if emails within the account were viewed or exfiltrated, Revere Health stated that it has searched the internet and didn’t find any cases of patient information being exposed online.

An evaluation of email messages and file attachments confirmed that they included the PHI of patients of the Heart of Dixie Cardiology Department based in St. George. The data included medical record numbers, birth dates, provider names, procedures, and insurance company names, although no financial details or highly sensitive records were included.

Revere Health is convinced that the purpose of the attacker wasn’t to obtain access to patient information but to use the email account for a far more advanced phishing attack on Revere Health workers. Considering the limited window of opportunity and the limited nature of the information included in the account, the threat to patients is thought to be minimal. Patients were advised to be alert to any attempted data misuse.

Nobelium, the Russian threat group responsible for the SolarWinds supply chain attack, recently impersonated the US Agency for International Development in a phishing campaign. The campaign has been ongoing since early 2021. The attackers took control of the Constant Contact email marketing account used by USAID, and the account was employed to send out convincing phishing e-mails to over 350 companies. In that campaign, the objective was to deliver malware by impersonating real USAID email messages. At the end of May, the U.S. Department of Justice seized two domains being used in the spear-phishing attacks.

Mid-Year Threat Report Reveals Huge Increase in Ransomware Attacks

Last July, SonicWall issued a mid-year Cyber Threat Report update, which confirmed a big rise in cyberattacks since 2020. In the first half of 2021, cryptojacking attacks rose by 23%, encrypted threats went up by 26%, IoT attacks increased by 59%, and ransomware attacks increased by 151% compared to the corresponding time period last year.

Ransomware attacks have been growing continuously since Q1 of 2020; however, the rate of increase jumped substantially between Q1 and Q2 of 2021, growing by 63.1% with a total of 188.9 million attempted attacks in Q2. In June, there were 78.4 million attempted ransomware attacks, which is higher than the number of attacks in the 2nd quarter of 2020 and about 50% of the number of attempted ransomware attacks in 2019. The total number of attempted ransomware attacks in the first half of 2021 was 304.7 million.

According to the report, 2021 is the worst year for ransomware that SonicWall has recorded.

About 73% of ransomware attacks are usually performed in the United States, but ransomware attacks are growing worldwide. In the first 6 months of 2021, there was a 180% growth in attacks in North America and a 234% increase in ransomware in Europe. The United States had a 185% spike while the UK had a 144% increase in attacks.

Within the United States, some states were heavily attacked. The worst affected state was Florida, registering 111 million ransomware incidents, which is greater than the next nine most hit states put together. New York had 26 million attempted attacks, Idaho had 20 million, and Louisiana had 8.8 million.

The most hit sector is government. 2021 had a triple increase in ransomware attacks, which is the highest point in 2020. In June, government customers were targeted about ten times the average level. The education field was also widely targeted, though attacks on healthcare clients have continued to be reasonably constant all through the first six months of the year.

The greatest ransomware threat in 2021 was the Ryuk ransomware, as 93.9 million incidents of Ryuk were recorded in the first 6 months of the year, which is thrice the level in the corresponding time period in 2020. Cerber ransomware was also a big threat, with 52.5 million cases documented in the first half of 2021. The number of Cerber incidents increased dramatically in April and May. Two-thirds of the 2020 total number of SamSam ransomware attempts were recorded in June alone, with 15.7 million attack attempts.

SonicWall reports there are a number of aspects that have driven the growth in attacks. One main reason is the extreme profitability of cyberattacks. A lot of firms have paid ransoms to bring back files or to avert the leak of sensitive data stolen in the attacks.

SonicWall says cyber threat actors are likewise getting more successful at locating and encrypting backups, making recovery difficult or impossible if no payment of ransom is made. There was likewise a rise in data theft prior to deploying ransomware. Victims often pay the ransom to retrieve information even if legitimate backups exist to retrieve files.

It is becoming prevalent for threat actors to perform repeat attacks on companies that have paid the ransom, since there is a possibility that a second ransom will likewise be paid. Companies that pay a ransom may additionally be attacked by other threat actors that have found out that a payment was made.

There was some better news in the report, for example, the significant decline of malware attacks year over year. SonicWall Capture Labs documented 2.5 billion malware attempts in the first six months of 2021, which means a 22% drop from the same time frame in 2020. There was additionally a drop in the number of malicious PDF and Office files being spread in spam and phishing emails. The use of malicious Office files dropped by 54% in 2021; malicious PDF files dropped by 13%.

University Medical Center of Southern Nevada Reports PHI Exposed During a Cyberattack in June

University Medical Center of Southern Nevada (UMC) has issued another report concerning a cyberattack it suffered in June 2021 and has now confirmed that a number of patient records were compromised during the attack.

A July 29, 2021 UMC press release reported that the cyberattack took place on June 14, 2021 and was carried out by a well-known group of cybercriminals that uses stolen data for financial gain. UMC stated that it detected the suspicious activity within its IT system and took prompt action to remove the attackers from its network. UMC mentioned the breach was under control on June 15. The preliminary investigation suggested that the attackers had acquired access to selected file servers; nevertheless, the immediate action taken by its IT Department resulted in zero disruption to its clinical systems or patient care services.

At first, UMC stated it believed that the attackers did not access any clinical systems, although the investigation into the nature and extent of the cyberattack was not yet finished. The forensic investigators have now confirmed that selected files containing patients’ protected health information (PHI) were affected during the attack.

The files included data like names, addresses, birth dates, Social Security numbers, medical insurance data, financial details, and certain clinical data, such as medical backgrounds, diagnoses, and test findings. UMC stated there is no evidence found that suggests the misuse of any particular patient data.

UMC is currently sending notification letters to all persons possibly impacted by the attack and is providing free identity theft protection services.

UMC mentioned it informed the FBI and the Las Vegas Metropolitan Police Department about the cyberattack and is working with third-party cybersecurity experts. It will also be employing more internal and external applications to increase the security of patient information and prevent other cyberattacks.

Cyberattacks at UF Health, Eskenazi Health and Sanford Health

On May 31, 2021, UF Health Central Florida encountered a cyberattack that impacted The Villages Hospital and Leesburg Hospital. UF Health announced the security breach within a couple of hours after discovering the attack, though at the time it was uncertain if any patient information was exposed in the attack.

A breach investigation was performed to figure out if the attackers got access to its computer system from May 29 to May 31, 2021, and although there is no confirmation of unauthorized access to patient information yet, UF Health already reported the potential access to some patient information. The exposed information involved names, addresses, birth dates, Social Security numbers, medical insurance details, patient account numbers, medical record numbers, and some treatment data.

UF Health stated that the attack did not affect its electronic medical records or its Jacksonville or Gainesville campuses. UF Health mentioned it is convinced that there has been no misuse or exposure of any of the information involved; nevertheless, as a safety measure against identity theft and fraud, impacted people are being provided credit monitoring and identity theft protection services for free. UF Health stated it is taking steps to prevent other attacks, such as improving the defenses of its electronic systems and fortifying security for sensitive information.

UF Health did not publicly state whether ransomware was involved in the cyberattack; however, a number of local media outlets reported the involvement of ransomware and a demand for a $5 million ransom by the attackers.

Attempted Ransomware Attack Reported by Eskenazi Health

Eskenazi Health, located in Indianapolis, IN, is coping with an attempted ransomware attack, which happened on the morning of August 4, 2021. According to Eskenazi Health, its monitoring systems worked as intended and it proactively powered down its network to contain the attack.

Eskenazi Health followed its emergency procedures, and ambulances were diverted to other establishments to make sure that patients are safe. Eskenazi Health is presently working to bring its systems back online. At this point, its monitoring systems indicate that patient and employee information was not jeopardized in the attack.

Sanford Health Suffers Cyberattack

Sanford Health in Sioux Falls, SD stated it was the target of an August 3, 2021 cyberattack, which is currently being resolved. Sanford President and CEO Bill Gassen affirmed that its IT staff took aggressive steps in response to the attempted cyberattack, that it is doing everything it can to minimize disruption, and that giving excellent care to its patients is still its top goal.

No other information has been revealed regarding the particular nature of the breach; however, at this point, it doesn’t seem that the records of employees, patients, or residents were exposed. Top IT security professionals have been engaged and are helping to handle the breach response and investigation, and additional details will be published when available.

Guidehouse Reports Breach Impacting Several Healthcare Provider Clients

Community Memorial Health System based in Ventura, CA, Cayuga Medical Center based in Ithaca, NY, and Lehigh Valley Health Network based in Allentown, PA were impacted by a cyberattack at a vendor, which is a business associate.

The three healthcare companies utilized Guidehouse as a provider of their medical billing and collection services. Hackers accessed the Accellion File Transfer Appliance (FTA) utilized by Guidehouse for sending files to customers on January 20, 2021. For Community Memorial Health System patients, the files contained sensitive patient data like names, birth dates, member ID addresses, and selected medical data. For Cayuga Medical Center patients, the names, birth dates, insurance account numbers, and selected medical data were possibly exposed. For Lehigh Valley Health Network patients, the possibly exposed information includes names, account numbers, medical record numbers, dates of service, diagnosis and treatment procedure names, billing or payer details and names of the provider.

Accellion notified Guidehouse of the cyberattack in March 2021, and Guidehouse promptly ceased using the FTA service. Prominent cybersecurity professionals helped with the breach investigation and response. Guidehouse notified the affected clients of the breach on May 21, 2021.

Guidehouse issued breach notification letters to impacted entities on July 16, 2021. The late sending of notifications was because of the time spent to determine the people impacted and to verify contact information.

Although the hackers obtained some data during the attack, Guidehouse mentioned it is not aware of any incidents of stolen data misuse. Nevertheless, as a safety measure against identity theft and fraud, impacted people will get a free Experian IdentityWorks credit monitoring service membership for two years.

The incident is not yet posted on the HHS’ Office for Civil Rights breach website, therefore the number of affected patients at the three healthcare companies is still uncertain.

A few more healthcare companies in the United States were impacted by the Accellion FTA cyberattack, such as Kroger Pharmacy, Health Net, Trillium Health Plan, Trinity Health, Arizona Complete Health, Stanford Medicine and Centene Corp.

PHI Possibly Compromised in Eye Center and Law Company Ransomware Attacks

Francisco J. Pabalan MD of Pabalan Eye Center based in Riverside, CA has announced a ransomware attack that has affected around 50,000 patients.

The center discovered the ransomware attack on March 3, 2021. The investigation confirmed that the attack started on March 1. The threat actors encrypted files on servers and computers, thus preventing access to patient data. They also asked for a ransom to restore the patient data. All impacted computers and servers had been backed up prior to the attack, so the encrypted data can be recovered without paying the ransom.

The investigation did not find any evidence of data theft. The ransomware attack seems to have been conducted just to disrupt services in order to get cash from the practice. Following the attack, all computers and servers were changed prior to the installation of operating systems and software, and patient information was then restored from backups.

Extra security steps have been implemented, such as using new anti-virus and anti-ransomware application, a new Security Rule Risk Management Plan, and a new data encryption technology. New technical security measures were brought in to strengthen security, such as new, secure VPN-protected connections to servers, up-to-date password policies, and extra training provided to the employees to help with the recognition of security risks. Moving onward, regular technical and non-technical assessments and updates will be carried out.

Although it does not appear that the attackers obtained financial details, all affected patients were instructed to be cautious and to monitor their account statements for any indications of identity theft or scams. Protected health information (PHI) possibly compromised in the incident includes scanned insurance forms, examination findings, imaging, diagnostic screening, and scanned past medical data.

Campbell, Conroy, O’Neill Law Agency Reports a Ransomware Attack

Campbell, Conroy, O’Neill, a law firm located in Boston, MA, has announced a ransomware attack that occurred on or around February 27, 2021.

The attackers encrypted selected files on its systems which hindered access. The investigation suggested the attacker had accessed files that contain sensitive data in the attack. It was not possible to know whether the threat actor saw or obtained data associated with particular individuals.

The types of information contained in the files varied from one person to another. One or more of the following data elements are included: names, dates of birth, state identification numbers, driver’s license numbers, financial account details, Social Security numbers, passport numbers, payment card details, health data, health insurance details, biometric information, and online account credentials like usernames and passwords.

Campbell, Conroy, O’Neill has performed an evaluation of its policies and procedures, and additional safeguards are being implemented to prevent further attacks. Persons whose Social Security number was possibly exposed in the incident were given a complimentary 2-year membership to fraud consultation, credit monitoring, and identity theft restoration services.

Ransomware Attacks Reported by Professional Business Systems and Prima Pediatrics

Professional Business Systems, Inc., doing business as Practicefirst Medical Management Solutions and PBS Medcode Corp, a medical management services provider for healthcare companies, has encountered a ransomware attack that allowed the attackers to acquire patient information.

The service provider discovered the ransomware attack on December 30, 2020, and immediately shut down its systems in order to restrict the attack and informed law enforcement. Third-party cybersecurity specialists investigated the occurrence.

Practicefirst hasn’t confirmed whether the ransom was paid; however, it said that the attacker gave assurances that the files stolen from its systems were destroyed and won’t be further exposed.

There were no known cases of patient data misuse; nevertheless, all impacted persons were instructed to keep track of their accounts for any indication of falsified activity.

The types of patient data included in the breached files were different from one patient to another and might have contained the data elements listed below:

name, address, email address, birth date, driver’s license number, Social Security number, laboratory, diagnosis, and treatment data, patient ID number, medication data, medical insurance identification and claims data, tax ID number, employee username and password, employee username and security Q&A, and bank account and/or debit card/credit card data.

Extra security measures have since been put in place to better secure its email, network and other IT programs.

Prima Pediatrics Experiences Suspected Ransomware Attack

Prima Pediatrics detected the compromise of some of its computer programs and the installation of malware that caused a number of its computer systems to be non-functional and the information saved on those systems unavailable.

Prima Pediatrics stated the majority of the information on the impacted computers is believed to have been encrypted during the attack, and there was no information regarding the improper usage of patient information. The investigation found no proof to indicate the exfiltration of any patient information by the attackers. The impacted systems contained the following protected health information (PHI): names, diagnoses, medical illnesses, and medical backgrounds.

All patients possibly impacted by the breach were informed and instructed to keep track of their accounts and explanation of benefits reports for any indication of bogus activity. Prima Pediatrics is going to assess and update its privacy and information security policies and processes to avoid the same cases from happening again.

Elekta Cyberattack Impacts Northwestern Memorial HealthCare and Renown Health Patients

Northwestern Memorial HealthCare in Chicago, IL and Renown Health in Reno, NV were impacted by a cyberattack on Elekta, one of their business associates, which provides a software system utilized for clinical radiotherapy for patients with cancer and brain ailments.

Elekta in Stockholm discovered the data breach and released a statement to confirm unauthorized access to its first-generation web-based storage system, which impacted a part of its North American customers.

Elekta is cooperating with the authorities and third-party cybersecurity specialists to find out specifically how the breach happened and the character and extent of the breach. Elekta began informing impacted healthcare providers in April 2021.

Elekta’s investigation showed that its systems were attacked from April 2, 2021 to April 20, 2021. The attackers got access to its systems and exfiltrated data that included the data of oncology patients; however, the breach only affected Elekta’s systems. There was no compromise of any systems belonging to its healthcare provider clients.

Northwestern Memorial HealthCare stated the database contained data like patient names, birth dates, Social Security numbers, medical insurance data, medical record numbers, and clinical data associated with cancer treatment, including medical records, doctor names, dates of service, treatment details, diagnoses, and/or prescribed medicine details.

Renown Health submitted a breach report indicating the compromise of 65,181 patients’ data such as names, addresses, Social Security numbers, birth dates, diagnoses, medical treatment details, appointment schedules and other patient data like weight and height.

Northwestern Memorial Healthcare stated the database comprised the protected health information (PHI) of 201,197 oncology patients who got treatment from a hospital in the list below:

  • Northwestern Medicine Delnor Community Hospital
  • Northwestern Medicine Central DuPage Hospital
  • Northwestern Medicine Huntley Hospital
  • Northwestern Medicine Lake Forest Hospital
  • Northwestern Medicine Kishwaukee Hospital
  • Northwestern Memorial Hospital
  • Northwestern Medicine McHenry Hospital
  • Northwestern Medicine Valley West Hospital

Although data theft was established, Elekta reported there is no misuse or exposure of any patient data.

Northwestern Memorial Healthcare stated that people who had their Social Security number compromised will receive free credit monitoring and identity theft protection services. Renown Health mentioned Elekta is offering free identity checks, fraud consultation, and identity theft restoration assistance.

A total of 42 healthcare systems are considered to have been impacted by the breach. In several instances, impacted facilities had to temporarily stop cancer treatments and coordinate patient treatment at other healthcare facilities.

The breach also impacted the following:

  • 8,000 patients of Cancer Centers of Southwest Oklahoma, OK
  • 4,687 patients of Charles Health System, OR
  • 200+ patients of Yale New Haven, CT
  • Unknown patients of Carle Health, IL
  • Unknown patients of Lifespan, RI
  • Unknown patients of Southcoast Health, MA

Maximus Data Breach Impacts 334,000 Medicaid Healthcare Service Providers

Ohio Medicaid has reported a data breach encountered by Maximus Corp, its data manager, that resulted in the compromise of the personal data of Medicaid healthcare companies.

Maximus is an international vendor of government health information services. Because the company provides those services, it gets access to the personal data of Medicaid healthcare companies. On May 19, 2021, Maximus learned that unauthorized individuals accessed a server containing the personal data furnished to the Ohio Department of Medicaid (ODM) or to a Managed Care Plan from May 17 to May 19, 2021.

When Maximus discovered the breach, it took the server off the internet to block the attacker’s unauthorized access. A top-rated third-party cybersecurity company is investigating the incident. The cybersecurity company stated that the breach was limited to a program on the server and did not affect any other servers, programs, or systems.

No evidence has been identified that shows the misuse of any data inside the application, though data theft cannot be ruled out. The program was utilized for credentialing or tax identification purposes associated with each individual’s function as a healthcare service provider.

The application contained the following types of sensitive information: names, Social Security numbers, birth dates, and Drug Enforcement Agency numbers. According to Maximus, the breach did not affect persons covered by Medicaid.

Maximus stated the quick identification of the breach confined possibly negative impacts; nevertheless, because there is a probability of data theft, it sent notifications to all people affected on June 18, 2021. The company also offered free credit monitoring services for 2 years.

Maximus already reported the breach to the Maine Attorney General indicating that 334,690 people were affected. Those people are based in several U.S. states.

PHI of Approximately 500,000 People Potentially Stolen During the Wolfe Eye Clinic Ransomware Attack

Wolfe Eye Clinic, which manages a network of eye health clinics across Iowa, has reported its encounter with a ransomware attack on February 8, 2021. Attackers acquired access to its networks, deployed ransomware and encrypted files. Much like in most ransomware attacks today, before file encryption, the hackers exfiltrated information from Wolfe Eye Clinic systems. The clinic received a ransom demand in exchange for the file decryption keys; however, it opted not to pay the ransom and instead retrieved files from backup copies.

Wolfe Eye Clinic mentioned in its substitute breach notification letter that prompt action was undertaken to protect its network. Third-party IT security and forensic experts were involved to find out the nature and scope of the security breach. Because of the degree and sophistication of the attack, the team only determined the full scope of the security breach on May 28, 2021 and identified the data exposed during the attack.

The forensic inquiry, which ended on June 8, 2021, confirmed that the hackers viewed and exfiltrated the information of present and past patients. The stolen protected health information (PHI) contained names, contact information, dates of birth, Social Security numbers, and for certain persons, medical data.

Wolfe Eye Clinic began sending notification letters to impacted persons and offered free identity theft protection and credit monitoring services for one year via IDX. Wolfe Eye Clinic explained it is carrying out more safety measures to stop other attacks.

The attackers seem to have exfiltrated a huge volume of data. According to KCCI Des Moines, the incident impacted around 500,000 people, so this is regarded as one of the biggest ransomware attacks on a single healthcare company reported in 2021.