Data Breaches at One Brooklyn Health System and Mena Regional Health System

One Brooklyn Health System is presently handling a cyberattack that has prompted interruption at its three hospitals – Brookdale Hospital Medical Center, Kingsbrook Jewish Medical Center, and Interfaith Medical Center. Not much information was published concerning the attack to date, which is thought to have happened on or prior to November 19. The health system shut down its system on this date and stayed offline for over one week.

The New York Post announced that the cyberattack has kept hospital personnel from being able to access the electronic medical record system, therefore patient data was recorded with the use of pen and paper and the hospitals adopted emergency protocols. It was decided to redirect ambulances to other hospitals, even though contact with other hospitals in the community seems to be non-available. The health system likewise reportedly didn’t inform New York Fire Department ambulance services that it will send its emergency cases to alternate hospitals.

The hospital has involved third-party specialists to help look into the nature and extent of the cyberattack and to help with restoring IT systems on the internet. Some systems are actually accessible online and there is restricted access to its electronic medical record system as well as some other medical software. One Brooklyn Health released a statement stating that the security breach did not affect patient care and although ambulances were redirected, appointments were not canceled. At this period of the breach response, it’s still early to say whether patient data was affected and to what extent.

More or Less 85,000 Patients Affected by Mena Regional Health System Breach

Mena Regional Health System (MRHS) based in Arkansas reported on November 22, 2022, the access and exfiltration of files with 84,814 patients’ protected health information (PHI) by an unauthorized third party.

MRHS didn’t mention in its substitute breach notice the date of the initial network access by the hacker. However, the intrusion was identified on November 8, 2022. According to the investigation, files were extracted from its system over a year ago, on or about October 30, 2021. MRHS offered no clarification regarding why it took a long time to identify the breach.

The analysis of the files affirmed the includion of complete names, birth dates, Social Security numbers, government ID numbers/driver’s license, financial account details, health record/patient account numbers, medical diagnosis/treatment data, medical company names, laboratory results, prescription data, and medical insurance information.

MRHS stated it did not know of any actual or attempted patient data misuse and that as a safety precaution, it sent notification letters to impacted persons. That process started on November 22, 2022. Those who had their Social Security numbers exposed received free credit monitoring services. Security processes are under review and will be modified to protect the privacy and security of patient data.

10 Charged With BEC Scams Targeting Medicare, Medicaid, and Private Insurance Organization

The U.S. Department of Justice has accused 10 people of business email compromise scams that led to losses of over $11.1 million from Medicaid, Medicare, and private medical insurance plans. The payments were for hospitals for delivering covered healthcare services.

Business email compromise (BEC) scams entail getting access to real email accounts and utilizing them to fool persons in charge of wire transfers into transmitting fraudulent payments to accounts controlled by the threat actor. These scams are the number one reason for losses to cybercrime. As per the FBI, over $43 billion was forfeited to these scams from June 2016 to December 2021. In 2021 only, the FBI Internet Crime Complaint Center got reports of losses due to BEC scams totaling $2,395,953,296.

The arrests were associated with a string of frauds that spoofed hospital email accounts. The persons purportedly engaged in these attacks sent email messages asking for to make modifications to the bank account information on file for all payments down the road. The accounts were lately created by money mules, who would take the money as soon as the transfers were done. The money was then laundered via fake and stolen identities and shell firms. The cash was transmitted overseas and was utilized to buy luxury products and exotic cars. Two Medicare Administrative Contractors, and five Medicaid programs, and two private health insurance companies were fooled into altering the bank account particulars for payments.

7 people were just charged in association with these scams, all of whom were locals of Georgia and South Carolina. They were

  • Biliamin Fagbewesa, 31 years old from Columbia, South Carolina
  • Desmond Nkwenya, 35 years old from Atlanta, Georgia
  • Patrick Ndong-Bike, 32 years old from Atlanta, Georgia
  • Cory Smith, 29 years old from Atlanta, Georgia
  • Olugbenga Abu, 45 years old from Atlanta, Georgia
  • Chisom Okonkwo, 26 years old from Atlanta, Georgia
  • Trion Thomas, 50 years old from Stone Mountain, Georgia

The other three persons were formerly accused of their money laundering activities. They were

  • Adewale Adesanya, 39 years old from Jonesboro, Georgia
  • Sauveur Blanchard Jr., 49 years old from Richmond, Virginia
  • Malachi Mullings, 29 years old from Sandy Springs, Georgia

Medicare, Medicaid, and private medical insurance providers experienced losses of over $4.7 million. Federal government institutions, private businesses, and individuals suffered $6.4 million in losses. 9 of the defendants are facing maximum prison terms of 20 or 30 years in case found guilty. Adewale Adesanya confessed to conspiracy to commit money laundering and to the usage of a bogus passport, having laundered around $1.5 million from the BEC scams targeting Medicaid, the IRS, a private firm, the Small Business Administration (SBA), and two senior romance scam victims. His punishment is 4 years in prison on September 15, 2022.

These accusations show a brazen attempt to siphon funds, partly, from vital health care services to finance personal gain, stated the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG) Deputy Inspector General for Investigations Christian J. Schrank. A major concern of HHS-OIG is the reliability of programs like Medicare and Medicaid, and therefore it is the uttermost priority to go after people who financially take advantage of them. This synchronized action is a perfect example of the dedication that HHS-OIG and our police partners to protect the federal healthcare system from fraudulence.

Around 1.2 Million Patients Affected by Ransomware Attack on Puerto Rico Hospital

Doctors’ Center Hospital located in Puerto Rico has just informed the Department of Health and Human Services Office for Civil Rights (OCR) about the hacking/IT incident it has experienced and the potential compromise of the protected health information (PHI) of 1,195,220 patients.

The hospital’s website has not published any notification concerning the incident yet as of November 23, 2022. Therefore, Doctors’ Center Hospital has not publicized any detail about the nature of the attack yet. But all existing information suggests that the incident was a new attack, and the hospital is still trying to bounce back from it.

Databreaches.net looked into the incident and discovered a somewhat unknown ransomware gang named Project Relican accessed the data leak website and claimed accountability for the cyberattack. The Project Relic dark web data leak website posted 114 MB of the 211 GB of data that was stolen during the attack.

A report written by Blackpoint’s Adversary Pursuit Group talks about the group, which states that the new ransomware group was not well-known one month ago, however, it has carried out several attacks. It is believed that the group just began its operations in October 2022. As per Blackpoint, the ransomware is written in Go because of its ease of mobility, speed, and the little possibility of it being noticed by static exploration. The group is recognized to connect with victims through a customized chat program on the Tor network to make a deal on ransoms and the group posts stolen information when the ransom is not compensated when they’re due.

One partner of Blackpoint encountered an attack and the group professed to have extracted 400 GB of information and demanded a ransom amount of 100 BTC or roughly $1,638,800. Blackpoint has examined the ransomware, however, it cannot determine at this time how the group could access victims’ networks.

Additional updates will be posted when it becomes available.

OakBend Medical Center and Keystone Health Face Lawsuits Over Data Breaches

OakBend Medical Center Cyberattack

OakBend Medical Center learned about the compromise of its systems and encryption of files on September 1, 2022. The hospital controlled the breach and blocked access to its network. A forensic investigation was carried out to find out the nature and extent of the cyberattack. The forensic investigation reported that the threat actors had extracted files that contain patient information. OakBend Medical Center stated entire healthcare records don’t seem stolen. The stolen information included names, contact details, birth dates, and Social Security numbers. The attackers known as Daixin Team claimed they stole information including 1 million patient documents, though Oakbend Medical Center has not confirmed this yet.

On October 28, 2022, the data breach impacted two patients, Alissa Wojnar and Ryan Higgs. Wojnar and Higgs took legal action because of the theft of their protected health information (PHI). Attorney Joe Kendall of Dallas, TX filed the lawsuit in the District Court for the Southern District of Texas. Allegedly, Oakbend Medical Center kept the private data of patients carelessly and did not appropriately keep track of its IT system. The lawsuit claims negligence, negligence per se, breach of fiduciary duty, breach of implied contract, unjust enrichment, invasion of privacy, and intrusion upon seclusion.

The plaintiffs assert they have sustained the loss of the benefit of their bargain, out-of-pocket expenditures, the value of their time that was spent on remedying and mitigating the impact of the attack, emotional stress, and the impending risk of potential problems due to the exposure of their sensitive personal data. The legal action wants class-action status, repayment of out-of-pocket expenditures, compensatory damages, and injunctive relief that calls for OakBend Medical Center to carry out extra security procedures to better secure patient information and to additionally give enough credit checking services to impacted individuals.

Keystone Health Cyberattack

Keystone Health uncovered the compromise of its network on August 19, 2022. After securing the systems, a forensic investigation was started to find out the extent of the attack. It was established that the attackers got access to its system from July 28, 2022 to August 19, 2022. At that time, the accessible sensitive patient information included names, clinical data, and Social Security numbers. The breach impacted 235,237 individuals, who received notifications on October 14, 2022.

The law agency Milberg Coleman Bryson Phillips Grossman, PLLCA filed the legal action in the District Court for the Middle District of Pennsylvania naming Jacob Whitehead as the plaintiff, for his son, a minor. The lawsuit claims Keystone Health did not appropriately protect and safeguard personally identifiable information (PII), and that the private data of patients were managed in a careless and negligent way that made it susceptible to cyberattacks.

The legal action claims negligence for not implementing minimum industry requirements for securing patient information and states Keystone Health did not satisfy its commitments as per the HIPAA Security Law as suitable safety measures were not applied to safeguard patients’ electronic protected health information (ePHI). The lawsuit additionally claims a breach of the HIPAA Breach Notification Rule for not appropriately notifying patients regarding the data breach.

The lawsuit states the plaintiff and others impacted by the data breach are currently at considerable risk of identity theft and different other types of personal, financial, and social harm. They claim an injury was suffered as they lost or reduced the value of their private data, out-of-pocket expenditures related to the avoidance, identification, and recovery from identity theft, tax scams, and/or unauthorized usage of their private data, lost time and opportunity, and a continuing and considerably higher risk of cyberattacks and fraudulence.

The lawsuit wants class-action status, damages, and equitable and injunctive relief, a jury trial, which includes a need for Keystone Health to make sure it has an efficient and extensive security plan, to go through independent security inspections and penetration tests, to have internal employees run automated security tracking, and to give employees security awareness training at least yearly.

Cyberattack on Michigan Medicine and Ascension St. Vincent’s Coastal Cardiology Brunswick

University of Michigan Health (Michigan Medicine) has lately announced the potential compromise of the protected health information (PHI) of around 33,850 patients due to a phishing attack. Michigan Medicine detected suspicious activity within its email account and took steps immediately to secure the accounts to stop further unauthorized access.

Michigan Medicine stated the phishing campaign happened between August 15 and August 23, 2022, resulting in the compromise of four email accounts. According to the breach notice of Michigan Medicine, employee email accounts were secured by multi-factor authentication when the attack happened. Four employees answered the phishing emails, clicked on a malicious site, revealed their Michigan Medicine login details, and replied to the multi-factor authentication prompts, therefore, their accounts were accessed.

The investigation of forensic experts uncovered no proof of data theft and it appeared there was no breach of accounts in order to acquire patient information; nevertheless, Michigan Medicine has supposed that all data in the accounts were exposed. The evaluation of the email accounts was done on October 17, 2022. Michigan Medicine already sent the breach notification letters.

The compromised accounts had job-related communications for patient coordination and care. The data in the email messages were different from one patient to another and possibly included names, together with one or more of the following types of information: date of birth, address, diagnostic and treatment details, and medical insurance data. Michigan Medicine mentioned it has put in place additional technical safeguards to its email system and the infrastructure to avert more identical incidents.

This is Michigan Medicine’s second email account breach report submitted this year. In late February, Michigan Medicine reported that a single email account with the PHI of 2,920 individuals had been breached. Michigan Medicine was likewise targeted in a phishing campaign in 2019, that resulted in the receipt of phishing emails by 3,200 employees. During that attack, three employees replied, leading to the exposure of the PHI of 5,466 patients.

Ransomware Attack on Ascension St. Vincent’s Coastal Cardiology Brunswick

Ascension St. Vincent’s Coastal Cardiology Brunswick based in Georgia has begun informing 71,227 patients concerning a security breach that impacted its old systems, which include its old electronic health record system. The healthcare provider discovered the incident on August 15, 2022, and immediately secured all systems to stop continuing unauthorized access; nevertheless, the encryption of selected files on those systems cannot be prevented. The investigation affirmed the attack was limited to its old systems and did not impact any Ascension networks or systems or its electronic medical system. The old Coastal Cardiology system was mainly employed to keep patient information to satisfy regulatory prerequisites and wasn’t employed for present business operations.

Ransomware attacks frequently entail data theft before files encryption; nevertheless, the forensic investigation did not find any proof that suggests the removal of any information from those systems. Based on the breach notice, there was no ransom paid, since the data can’t be decrypted. Therefore, it cannot be determined which types of data were encrypted. Ascension mentioned the systems could have comprised demographic and medical data associated with appointments at Coastal Cardiology before October 5, 2021. That data could have contained names, telephone numbers, addresses, email addresses, insurance data, clinical details, billing and insurance details, and Social Security numbers.

The affected individuals received free credit and identity theft protection services. Ascension stated it has performed a security risk analysis, realigned employee’s duties, eliminated access rights to the heritage system, and is giving additional training to its colleagues.

CommonSpirit Health System Breakdowns Due to Ransomware Attack

CommonSpirit Health encountered a data security incident on October 3, 2022. Its systems, which include its electronic medical record (EHR) and other crucial IT systems, were taken offline to avoid further damage, control the breach, and stop unauthorized access to sensitive information. CommonSpirit Health released a statement on the next day, explaining that the incident involved an IT issue causing system outages at a few of its hospitals and care centers. CommonSpirit Health is one of the biggest health systems and is the second-biggest non-profit health system in America. It has about 1,500 hospitals and clinics in 21 states. CommonSpirit Health was created from the CHI Health and Dignity Health merger in 2019.

After the security incident, hospitals and care facilities throughout the United States began reporting that they were impacted. This shows that the incident had an impact all over the country. Many CHI Health facilities reported they were impacted and implemented emergency procedures because they lacked access to critical IT systems. Hospitals located in Illinois, Iowa, Nebraska, Washington, and Tennessee all reported that they were affected by the incident.

CHI Health gave a statement about the impact of the CommonSpirit Health incident and that a number of CHI Health facilities had taken their systems offline as a safety measure. Because of patient safety issues, it was decided to end, delay, or reschedule a number of patient consultations and procedures, to temporarily suspend access to the patient portal, and to follow offline procedures for operations and handling prescription drugs.

These steps were essential to control the attack and stop the impact on systems; nevertheless, they are having a considerable effect on patients, who encounter slowdowns in getting health care. A lot of people are likewise having difficulties obtaining the medicines they require to deal with their medical conditions. MercyOne, the manager of 230 healthcare centers in Iowa, stated the incident shut down its online booking system, which has kept the system from being utilized to book online visits in Central Iowa.

A number of people claiming to be staff members and patients of CommonSpirit Health have expressed their concerns on social media websites. Patients have stated they could not get health care and prescribed medications, which include drugs for dealing with cancer at home. Persons claiming to be workers have mentioned having nightmares because of needing to use paper charts. A nurse shared on Reddit that employees at the hospital could not access the Downtime Epic EHR system to view patient records, and the pharmacy cannot confirm orders and needed to manually write labels. Labs were also handwritten and faxed. Eleven days have passed since the incident and the IT systems remain offline.

No information was released at first regarding the precise nature of the incident. However, security researcher Kevin Beaumont tweeted immediately after the incident that it was a ransomware attack as confirmed now by CommonSpirit Health.

CommonSpirit Health mentioned in a new update that the incident is a continuing occurrence and the response is being handled, with support provided by top-rated cybersecurity experts. The Department of Health and Human Services, law enforcement, and other government bodies were already informed about the attack and are giving assistance.

CommonSpirit Health mentioned that all throughout the response, the main concern is to continue to offer the best quality of patient care and make sure of patient safety. Ongoing forensic investigation is determining the scope of the attack and a systems review is being done to find out whether there was any information affected. That process may take a while and additional data will be accessible when results were taken from the investigation.

CHI Health facilities were impacted and are still dealing with disruption. According to CommonSpirit Health, it is doing everything to restore systems online and will reestablish services as soon as possible. CommonSpirit Health has stated that there was little effect on the systems utilized by Virginia Mason Medical Center and Dignity Health.

Data Breaches Announced by Wolfe Clinic, SERV Behavioral Health System and Reiter Affiliated Companies

Wolfe Clinic, P.C located in Iowa lately reported that it was impacted by the Eye Care Leaders’ data breach. The attack on the electronic medical record provider compromised the protected health information (PHI) of 542,776 present and past Wolfe Clinic patients.

Wolfe Clinic utilized the myCare Integrity medical records program, which an unauthorized party accessed on or about December 4, 2021. The attacker erased databases and system settings files. Forensic experts investigated the security breach, however, there was insufficient forensic evidence because of the removal of files. Hence, it cannot be determined if the attackers accessed or obtained the PHI of Wolfe Clinic patients. Potentially compromised information includes names, addresses, dates of birth, Social Security numbers, diagnostic data, and medical insurance data.

When issuing breach notifications, Wolfe Clinic did not receive any identity theft and fraud report associated with the data breach at Eye Care Leaders. Impacted persons were provided one year of free credit monitoring and identity theft protection services.

The data breach at Eye Care Leaders impacted about 40 eye care providers and led to the compromise of the PHI of approximately 3.6 million patients.

Reiter Affiliated Organizations Report Cyberattack in June 2022

Reiter Affiliated Companies, the biggest fresh, multi-berry manufacturer worldwide, lately affirmed that an unauthorized third party acquired access to its system from June 25, 2022 to July 4, 2022. The attack was identified on July 4, 2022, when selected systems became inaccessible. Immediate action was undertaken to protect its systems against continuing unauthorized access. An investigation was started to find out the nature and extent of the attack. It was confirmed by the forensic investigation that files were extracted from its systems at the time of unauthorized access, and those files involved the Health and Wellness Plan enrollment rosters with the names of plan members, birth dates, and Social Security numbers.

Impacted persons were informed by mail and were provided free credit monitoring and identity theft protection services. Reiter Affiliated Companies stated it took steps to enhance security and stop more data breaches later on.

Reiter Affiliated Companies, LLC’s breach report sent to the HHS’ Office for Civil Rights indicated that 45,000 people were affected. The Reiter Affiliated Health and Welfare Plan’s breach report indicated that 45,000 people were affected.

SERV Behavioral Health System Reports Cyberattack in May 2022

SERV Behavioral Health System located in New Jersey lately reported that it suffered a cyberattack whereby the PHI of 8,110 persons was likely exposed. The health system stated it discovered the attack on May 27, 2022, and conducted a forensic investigation that ended on August 4, 2022. SERV mentioned it did not find any proof of access or theft of any patient data during the attack. However, the possibility of data theft cannot be ruled out. The analysis of all files possibly exposed included names, contact details, driver’s license numbers, Social Security numbers, and health data.

The health system already notified the Impacted persons by mail and took steps to enhance security to prevent similar attacks. The Hive ransomware group professed to have launched the attack.

New York Ambulance Service Reports Ransomware Attack and Data Breach of 318K Records

The Ambulance Service in New York, Empress EMS (Emergency Medical Services), has reported a ransomware attack. Empress EMS detected the attack on July 14, 2022, and the files contained in selected systems were encrypted. Based on the notification posted on the company’s website, EMS took immediate steps to control the incident and engaged third-party forensics specialists to look into the attack.

According to the result of the forensic investigation, on May 26, 2022, the attackers initially acquired access to its system and on July 13, 2022, duplicated a small part of the files. Then, they deployed ransomware to encrypt the files on its system. A thorough analysis of the impacted files affirmed the inclusion of protected health information (PHI) like names, insurance details, dates of service, and Social Security numbers of a number of individuals.

Empress EMS already sent the data breach report to the HHS’ Office for Civil Rights indicating that up to 318,558 patients were affected. Empress EMS has informed all impacted persons and has instructed them to keep an eye on their healthcare reports for the correctness and told them that credit monitoring services will be provided to selected persons. Empress EMS mentioned that it took steps to reinforce system security to avoid the same occurrences down the road.

Empress EMS didn’t mention which group was responsible for the attack; nevertheless, the Hive ransomware group has professed its responsibility for the cyber attack. Databreaches.net acquired the copy of the ransom note and a part of the stolen information and stated that the files seem to include the PHI of the patients of Empress EMS. The Hive gang admits to having acquired the Social Security numbers of over 100,000 individuals, and customer data like home and email addresses, telephone numbers, passport numbers, payments, and working time. Employee information was likewise affected, together with NDAs, contracts, and other private company details.

During publication, the Hive group did not list the stolen information on the data leak website, however, some information was temporarily uploaded. Usually, when the victim does not pay the ransom, the group carries on its threat and posts the stolen information.

Study Reveals Growing Mortality Rate and Poor Patient Outcomes Following Cyberattacks

According to a recent study, over 20% of healthcare companies encountered a rise in mortality rate following a major cyberattack and 57% of the healthcare organizations mentioned they encountered negative patient outcomes as around 50% reported a rise in health complications. The most typical results of the attacks that led to negative patient outcomes were late procedures and testing.

The Ponemon Institute conducted the study together with cybersecurity agency Proofpoint. The study involved 641 healthcare IT and security professionals in America, with the results published in the reports Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care. The results reflect those of an earlier study performed by the Ponemon Institute in 2021 with Censinet. The study involved 597 healthcare participants and 22% said they encountered higher mortality rates after a ransomware attack.

The most recent study applied a wider cyberattack definition, including the four most popular types of attack – ransomware, cloud compromise, supply chain, and business email compromise/phishing, and consequently suggests it isn’t just ransomware attacks that adversely impact patient outcomes. Ransomware attacks cause file encryption that can make critical IT systems inaccessible. Quite often healthcare companies have to deactivate IT systems to control an attack. The time it takes to recover from a ransomware attack is usually more than other kinds of attacks. The survey established that ransomware attacks got the greatest effect among the four types of attacks. 64% of healthcare companies stated they encountered delays in medical testing and procedures after a ransomware attack and 59% stated the attacks caused extended patient stays.

It must be mentioned that the two studies proved the relationship between cyberattacks and unfavorable patient outcomes however didn’t show causation. More studies must be done to determine precisely what facets of the attacks have the greatest adverse effect on patient results and cause a rise in mortality rate.

The attacks that were analyzed had substantial pressure on healthcare company resources. Their result isn’t just incredible cost but in addition, an immediate effect on patient care, jeopardizing the safety and wellness of people. The majority of the IT and security experts consider their companies as susceptible to these attacks, and 66% think that increased adoption of technologies including cloud, mobile, Internet of Things, and big data leads to more risks to patient information and safety.

The Proofpoint survey additionally revealed the magnitude of attacks on healthcare companies. 89% of surveyed companies encountered about 43 attacks during the last 12 months, though the degree of successful attacks is not clear. Cyberattacks on healthcare companies have a substantial financial effect. An earlier study, done by the Ponemon Institute with IBM Security, discovered the cost of a cyberattack on average has grown to $4.4 million. The healthcare sector got the top breach costs among all industries, with the cost of a healthcare data breach on average increasing to $10.1 million.

Challenges in Healthcare Cybersecurity and the Biggest Security Threats

One of the major problems encountered by healthcare companies is getting the required talent to protect against attacks. 53% of respondents rated insufficient in-house competence as a major challenge. 46% mentioned they didn’t have enough workforce in cybersecurity and the two factors had an adverse impact on the security posture of organizations.

Respondents have questioned their greatest security issues and one of the primary concerns was medical device safety. Healthcare companies have 26,000 medical devices linked to the internet, and these were regarded as a cybersecurity threat by 64% of respondents, however only 51% of respondents mentioned these devices are included in their cybersecurity method.

75% of survey respondents stated they were vulnerable to cloud compromise, and 72% stated they were susceptible to ransomware attacks. 54% of companies mentioned they had encountered a cloud compromise in the last two years, with those companies going through about 22 of that sorts of compromises; nonetheless, 64% of companies stated they took steps to get ready for and respond to those cyber attacks.

60% of companies stated they were most worried about ransomware attacks, and 62% stated they took steps to avoid and react to ransomware attacks.

71% of companies mentioned they were susceptible to supply chain attacks and 64% were susceptible to BEC and phishing/spoofing attacks, but just 44% and 48% mentioned they had recorded response plans for these attacks.

Protecting Against Healthcare Cyberattacks

More cyberattacks on the healthcare sector are becoming sophisticated. In order to secure against these attacks, an in-depth strategy with several overlapping protection layers is necessary. It is additionally essential to have a recorded and practiced incident response plan set up for every major kind of attack. Not being ready to respond to cyberattacks could put patient safety in danger. With an incident response plan set up, where all people engaged in the response understand their roles and duties could limit the recovery time substantially, which restricts the unfavorable effect on patients and minimizes the financial expense. Having consultants and cybersecurity companies that completely know the infrastructure of a company is a big edge and makes certain the quickest possible response in case of a successful cyber attack.

Although cyberattacks could be sophisticated, they frequently begin with phishing or social engineering attack. The significance of employee training can’t be over-emphasized. All workers ought to know why good cyber hygiene is important and what it involves, and they must be trained on how to identify phishing and social engineering attacks. Providing employees with regular cybersecurity awareness training and doing phishing simulations could considerably minimize risk with time.

Healthcare has usually lagged behind other industries when dealing with vulnerabilities to the increasing cybersecurity attacks, and this inactivity has a direct adverse effect on patients’ safety and wellness. So long as cybersecurity is not a high priority, healthcare companies will endanger their patients. To prevent disastrous effects, healthcare companies should know how cybersecurity impacts their patient care and do what is necessary
to better prepare and protect people and secure information.

PHI Compromised in Cyberattacks on Columbia River Mental Health Services and Methodist McKinny Hospital

Methodist McKinny Hospital located in Texas has lately reported that unauthorized individuals accessed its systems and extracted files that contain sensitive information from its systems. The hospital detected the security breach on July 5, 2022, and a third-party cybersecurity company investigated the nature and extent of the breach. The investigation revealed that the attackers accessed its systems from May 20, 2022 to July 7, 2022, and at that time, they exfiltrated files with patient information. The initial investigation has affirmed that the files included names, Social Security numbers, addresses, dates of birth, medical history data, medical diagnosis details, treatment data, medical record numbers, and medical insurance details.

The security breach investigation is in progress and a comprehensive review of all impacted files was started to find out the patients impacted. It was confirmed that the breach impacted patients of Methodist Allen Surgical Center, Methodist McKinney Hospital, and Methodist Craig Ranch Surgical Center. The hospital will send notifications to impacted patients sooner or later. It is presently uncertain how many persons were impacted.

Methodist McKinny Hospital’s substitute breach notification didn’t reveal the nature of the cyberattack, however, it seems to have been a ransomware attack. The Methodist McKinny Hospital is listed on the Karakurt ransomware gang’s data leak site as a pre-release and states that 367 GB of information was extracted during the attack.

Employee Email Accounts Breach at Columbia River Mental Health Services

Columbia River Mental Health Services has lately informed the HHS’ Office for Civil Rights concerning a security breach that involves some employee email accounts. Based on the breach notification, the provider detected suspicious activity in a number of email accounts. Third-party forensics specialists were involved to look into the breach. As per the investigation, unauthorized individuals accessed the email accounts from May 14, 2021 to April 8, 2022.

On July 6, 2022, the analysis of the impacted accounts confirmed that they contained the protected health information (PHI) of patients. The evaluation of the data in the accounts is in progress. Breach notification letters will be mailed to impacted persons as soon as the review is concluded. The breach report submitted to the HHS’ Office for Civil Rights indicated that ‘501’ persons were impacted to meet the last day for submitting the incident report. The breach total is going to be updated upon confirmation of the number of impacted persons.

United Health Centers of San Joaquin Valley and Lee County Emergency Medical Services Affected by PHI Breach

In August 2021, the Vice Society ransomware operation posted stolen information on its data leak website that was purportedly acquired during a cyberattack on United Health Centers of San Joaquin Valley. Bleeping Computer discovered the data leak on August 31, 2021 and tried to notify United Health Centers several times. Databreaches.net likewise knew about the data breach and in the same way, tried to alert United Health Centers several times.

More or less one year on, United Health Centers had informed the people whose protected health information (PHI) was compromised or stolen in the attack. The breach notification sent to the California Attorney General last August 12, 2022 stated that United Health Centers encountered technical problems on August 28, 2021, which triggered the disruption to its computer network. The company took immediate steps to protect its systems and launched an investigation to find out the reason for the incident.

United Health Centers stated it found out on September 22, 2021 that the attacker exfiltrated patient information from its network. It engaged third-party experts to determine the extent of the data breach. According to the investigation results, data was exfiltrated from August 24, 2021 to August 28, 2021. A detailed analysis of the compromised information was finished on April 11, 2022. United Health Centers stated that it then worked promptly to deliver notification letters to those individuals whose data was included in the compromised documents.

The documents included names, health record numbers, and Social Security numbers. Impacted persons were provided a 12-months free membership to identity theft restoration and credit monitoring service by Experian. It is presently uncertain precisely how many individuals were impacted.

Lee County Emergency Medical Services Informs Patients Affected by Third-Party Data Breach

Lee County Emergency Medical Services just began informing a number of patients regarding a data breach on its business associate Intermedix Corporation. The two companies had worked together for about 15 years prior to terminating their contract in September 2014. Intermedix Corporation had provided certain patient data to the law company, Smith, Gambrell & Russell (SGR).

Lee County Emergency Medical Services stated in a breach notification posted on its website on August 11, 2022 that it received a notification on August 4, 2022 about a data breach that occurred at the law company. SGR stated it found out on August 9, 2021 that an unauthorized individual exfiltrated files containing its clients’ sensitive data from its systems. A vendor was employed to help investigate and find out the extent of the breach.

The analysis of the files was finished on May 17, 2022. SGR mentioned the breached data involved names, addresses, driver’s license numbers, Social Security numbers, government IDs, and medical data, for instance, medical background, treatment, and diagnosis. SGR reported it took the necessary steps to strengthen security and has provided the affected patients with free credit monitoring services.

Lee County Emergency Medical Services stated it was informed of the breach on August 4, 2022, and since then it is working directly with Intermedix Corporation to determine the impacted persons. Notification letters are going to be sent to impacted persons in 14 – 21 days. The breach is not yet posted on the HHS’ Office for Civil Rights Breach website, hence it is uncertain how many persons were impacted. Lee County Emergency Medical Services reported approximately 2% of the files provided to SGR had been exposed.

657 Healthcare Organizations Affected by Ransomware Attack on Professional Finance Company

Professional Finance Company Inc. (PFC) based in Greeley, CO is an accounts receivable management company that reported a major data breach, which potentially affected 657 of its healthcare provider clients.

Based on the PFC website, the company is one of the top debt recovery organizations in the country, and its customer list consists of a lot of healthcare providers, merchants, financial companies, and government organizations. As per the company’s substitute breach notification, a sophisticated ransomware attack had been identified and blocked on February 26, 2022; nevertheless, not quick enough to stop the disabling of a few of its computer systems.

Third-party forensics professionals were involved to investigate the breach and offer help with securing its environment. Based on the investigation, an unauthorized third party got access to systems and files that had information about patients of its healthcare organization clients. PFC stated that it dispatched breach notification letters to all impacted healthcare company clients on May 5, 2022. Since then, all affected individuals had received breach notification letters.

The investigation found no evidence of misuse of patient data, nevertheless, data theft and improper use could not be eliminated. The types of data possibly accessed in the attack comprised: names, addresses, accounts receivable balances, data concerning payments made to accounts, and, for a number of persons, Social Security numbers, birth dates, health insurance details, and medical treatment data.

PFC stated it is giving complimentary identity theft protection and credit monitoring services to impacted persons. Unlike a number of recent data breaches that occurred at business associates of HIPAA-covered entities, PFC has released a listing of the healthcare companies affected.

The incident is not yet posted on the HHS’ Office for Civil Rights web portal, therefore, the number of individuals impacted by the breach is uncertain. However, with 657 healthcare organizations affected, it is likely that this is one of the biggest healthcare data breaches to be reported this year.

Data Theft Incidents Reported at Choice Health and MCG Health

The health insurance firm, Choice Health based in South Carolina, presently a part of Alight Solutions, has lately announced that the protected health information (PHI) of a number of its members were obtained by an unauthorized individual.

Choice Health found out on May 14, 2022, that a person was offering a set of data that were presumably stolen from Choice Health. On May 18, 2022, an investigation into a probable breach affirmed that a single Choice Health database was exposed online due to “a technical protection configuration problem caused by a third-party company.” Because of the issue, the database may be accessed online without requiring authorization.

Choice Health established that the database had been found and a number of database files were copied by an unauthorized person on May 7, 2022. Based on the notice sent to the California Attorney General, the files had information such as first and last names, Medicare beneficiary ID numbers, Social Security numbers, birth dates, addresses and contact data, and medical insurance details.

Choice Health stated it engaged a third-party company to secure the database and stated that it was no longer available over the web. Steps were also done to avoid similar occurrences later on, which include employing multi-factor authentication before getting access to its database files.

Choice Health mentioned it has not seen any misuse of plan member information; however, it has sent breach notifications to affected people and has provided them a membership to a credit monitoring and identity theft protection and resolution service for 2-months.

At this period, it is not clear how many persons were impacted. Databreaches.net noted that the forum write-up offering the information mentioned 600MB of data was acquired with 2,141,006 files. The files were described as including labels like Agents, Commission, Contacts, and Policies.

MCG Health ReportsReports Data Theft Incident

MCG Health based in Seattle, WA, a company offering patient care guidelines to healthcare companies and health plans, began informing patients and members of MCG clients about the potential theft of some of their PHI by an unauthorized party. Based on the breach notification on the MCG web page, MCG discovered on May 25, 2022, that an unauthorized person had acquired information that matched information on its systems, which includes names, postal addresses, phone numbers, email addresses, birth dates, gender, Social Security numbers, and medical codes.

MCG Health has instructed impacted persons to look at their account statements and keep an eye on their free credit statements for indications of misuse of their data. It seems that no identity theft protection or credit monitoring services are being provided.

The breach notice doesn’t mention the cause of the attack, how much information was compromised, how MCG Health knew about the stolen data or the time of the data theft occurrence.

Data Breaches Reported by Alameda Health System, AON, and Capsule Pharmacy

Alameda Health System based in California, Capsule pharmacy located in New York, and Aon PLC based in Illinois recently reported data breaches that affected a total of 56,290 people.

90,000 Alameda Health System Patients Notified About Data Breach

Alameda Health System located in Oakland, CA has lately submitted a data breach report to the Department of Health and Human Services’ Office for Civil Rights indicating that approximately 90,000 individuals were impacted. There are limited details released so far about the nature of the breach. Alameda Health System stated that there was suspicious activity detected in some employees’ email accounts. The subsequent investigation confirmed that an unauthorized third party accessed several employee email accounts.

The analysis of those email accounts affirmed they included the protected health information (PHI) of patients. However, it is uncertain how much patient information was compromised. According to Alameda Health System, there is no evidence found that suggests the viewing or removal of any data in the accounts. The provider will send the breach notification letters to affected persons shortly and will implement measures to enhance security and avert harm to patients.

27,486 Individuals Affected by Capsule Pharmacy Breach

A New York digital pharmacy Capsule Pharmacy has started sending notifications to 27,486 people that some of their PHI was exposed in a recent cyberattack. Based on the breach notification given to the California Attorney General, unauthorized persons acquired access to a number of Capsule accounts on April 5, 2022.

The pharmacy discovered the security breach on the same day and performed a password reset on all impacted accounts. A third-party digital forensics company assisted with the investigation and confirmed that the following types of data were potentially exposed: demographic details including names, phone numbers, addresses, email addresses, sex, and birthdates, health records such as medical ailments and prescribed medicines, past order log, insurance data, chat messages to and from Capsule agents, and credit card last 4 digits numbers and expiry dates.

Capsule said more security steps are being applied. Although a password reset was done on all affected accounts, Capsule is advising users to set different passwords for their different accounts. Be sure that the passwords are complex or passphrases that are not simple to guess, and do not use previous passwords again. This indicates the security breach was probably a password spraying attack.

PHI of More Than 28,700 People Possibly Compromised in Aon PLC Cyberattack

Business associate Aon PLC based in Chicago, IL provides financial risk-mitigation products, such as insurance and medical insurance plans. The company lately announced that it suffered a cyberattack. AON PLC discovered the security breach on February 25, 2022, and the forensic investigation affirmed that an unauthorized third party obtained access to selected Aon systems at different times from December 29, 2020, to February 26, 2022, and that some documents comprising people’s PHI were taken from its systems.

Aon stated it took steps to validate that the stolen information is no longer with the third party. There are no signs that the extracted data was further copied, stored, or shared. There is no rationale to think that any data was or will be misused. The impacted information only comprised names, driver’s license numbers, Social Security numbers, and, for a few people, benefit enrolment data. Aon mentioned it sent the incident report to the Federal Bureau of Investigation and other law enforcement authorities, and it has taken steps to further improve security.

FBI Foiled ‘Despicable’ Cyberattack on Boston Children’s Hospital

In 2021, the Federal Bureau of Investigation (FBI) aided Boston Children’s Hospital counter a cyberattack conducted by Iranian state-sponsored hackers and prevented any damage. FBI Director, Christopher Wray referred to the attempted cyberattack as a despicable cyberattack.

At the Boston Conference on Cyber Security, Director Wray stated Iranian state-sponsored attackers exploited a vulnerability present in a well-known software solution created by the Californian cybersecurity seller Fortinet. The FBI was informed about the breach and the impending attack by one more intelligence company and informed the hospital on August 3, 2021. Wray mentioned that the FBI connected with the hospital representatives and offered information that allowed the hospital to determine and offset the threat.

Wray mentioned this was an excellent instance of why they work in the field enabling that kind of quick, before-catastrophe-hits response, and mentioned that the incident serves to remind all healthcare providers to make sure they have an incident response strategy that engages the FBI. Wray stated this incident shows the danger of the strong effect of cyberattacks by nation-state threat actors from Iran, Russia, China, and North Korea. He also mentioned they must not let up on Iran or China or criminal syndicates though they were focused on Russia.

Last November 2021, the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, the Australian Cyber Security Centre (ACSC) and the National Cyber Security Centre (NCSC) in the UK, released a security advisory warning the healthcare industry and operators of critical infrastructure regarding an Iranian nation-state Advanced Persistent Threat actor who has been exploiting Microsoft Exchange and Fortinet vulnerabilities to steal information, perform ransomware attacks and extort cash from victims.

Wray didn’t indicate what kind of attack the threat actor was attempting to conduct, just that a cyberattack may have impaired the network, which may have had a damaging effect on the sick youngsters that depend on it. The said cyberattack seems like done via an HVAC vendor.

In August 2021, a threat actor called Databreaches.net and shared evidence of a successful attack on an HVAC supplier and stated that they had broken into the HVAC vendor’s systems and additionally got access to the networks of a children’s hospital. It was established that the HVAC supplier under consideration, gives services to the Harvard-connected hospitals, Brigham & Women’s Hospital, Boston Children’s Hospital, and Mass General Hospital.

Boston Children’s Hospital encountered cyberattacks in 2014. The hospital experienced an attack that interrupted its systems for more than one week. The attacks were carried out to retaliate how the hospital managed the custody battle case of patient Justina Pelletier. The individual liable for that attack was captured and convicted. He was sentenced to 10 years in jail in 2019.

Over 850,000 People Affected by Cyberattack on Partnership Health Plan of California

In March 2022, Partnership HealthPlan of California (PHC) reported that third-party forensic professionals were requested to help reestablish the operation of its IT network right after a cyberattack. PHC has already affirmed in a breach notification sent to the Maine Attorney General the potential theft of the protected health information (PHI) of 854,913 current and previous health plan members. This case is one of the biggest healthcare data breaches announced to date this year.

Based on the notification, the cyberattack was discovered on or approximately March 19, 2022. PHC took steps immediately to limit the breach and launched an investigation to find out the nature and magnitude of the cyber attack. PHC stated the forensic investigation found proof that the unauthorized party responsible for the cyberattack had taken files from the PHC network on or about March 19.

The assessment of the compromised files is in progress, and although it is not yet affirmed which particular types of protected health information were included in the impacted files, the health plan is starting to send notification letters to affected people. PHC mentioned the types of information possibly stolen may consist of names, email addresses, addresses, dates of birth, Tribal ID numbers, driver’s license numbers, Social Security numbers, medical record numbers, health insurance details, diagnoses, treatment, and prescription data, other clinical details, and member online account usernames and passwords.

Although PHC failed to express the nature of the cyberattack in its breach notification letter, the Hive ransomware gang has professed to be behind the attack and claims it stole approximately 400 GB of files, a portion of which was temporarily uploaded to the group’s data leak website. PHC stated it is going over and improving its policies and procedures associated with data protection and security, and extra security steps and safeguards will be put in place to protect against this sort of event later on. PHC is covering the price of access to credit monitoring services for victims for two years. Recently, a class-action legal case was filed on behalf of persons impacted by the breach.

Mental Health Center of Greater Manchester and Illinois Gastroenterology Group Announce Hacking Incidents

Illinois Gastroenterology Group lately announced that unauthorized people acquired access to its computer environment and possibly accessed and exfiltrated sensitive patient data. The group detected the cyberattack on October 22, 2021 because of suspicious activity identified inside its computer network.

Third-party cybersecurity professionals were involved to look into the attack and figure out the nature and scope of the incident. On November 18, 2021, Illinois Gastroenterology discovered that the sections of its systems that the unauthorized individuals accessed contained patient data like names, addresses, birth dates, passport numbers, driver’s license numbers, Social Security numbers, financial account details, payment card data, employer-assigned identification numbers, medical details, and biometric information.

Illinois Gastroenterology stated it was not possible to rule out unauthorized viewing or theft of files that contain patient records, however, during the time of issuing notification letters, there was no report received that suggest any fake misuse of the breached information. The evaluation of the affected files was done on March 22, 2022, and notification letters were now mailed to impacted persons.

Due to the breach, policies and procedures associated with network safety were examined and improved, the implementation of a better managed Security Operations Center was accelerated, and multi-factor authentication was put in place. Although the security breach wasn’t confirmed as involving ransomware, Illinois Gastroenterology mentioned a new endpoint detection and response platform was deployed that has policies enabled particularly for ransomware.

The data breach report was recently submitted to the HHS’ Office for Civil Rights as having approximately 227,943 victims.

Data of Mental Health Center of Greater Manchester Patients Exposed

The Mental Health Center of Greater Manchester (MHCGM) based in New Hampshire made an announcement that patient information was likely exposed in a cyberattack at the Center for Life Management (CLM), a third-party community mental health services partner, which was used for storage of data.

On February 21, 2022, an unauthorized individual accessed CLM’s systems. CLM discovered the cyberattack on February 23, 2022, and immediately secured its systems to stop further unauthorized access. The breach only affected CLM’s systems and the security of MHCGM’s systems was not impacted.

CLM looked into the incident and it was affirmed on April 11, 2022 that the attackers possibly viewed and copied files comprising patient data including names, addresses, dates of birth, Social Security numbers, diagnoses, medical details, discharge data, and treatment locations and/or healthcare organizations.

There was no evidence found that indicates unauthorized individuals viewed or got any specific data as a result of the attack; nevertheless, affected persons were offered a year of complimentary credit monitoring. MHCGM stated it is not using CLM anymore for data storage and is getting rid of all information from CLM’s systems.

The HHS’ Office for Civil Rights breach website show 1,322 MHCGM patients were impacted.

Cyberattack Announced by Salusive Health and New Creation Counseling Center

Salusive Health, the creator of the myNurse platform which assists doctor practices to simplify disease management, has encountered a cyberattack whereby patient information was affected.

In the Salusive Health’s breach notification letters mailed to patients, it mentioned that it discovered unauthorized activity inside its computer system on March 7, 2022, and quickly enforced containment, mitigation, and restoration initiatives, and had third-party cybersecurity specialists to give assistance with those steps. The investigation established that unauthorized persons accessed the personal data and protected health information (PHI) of patients, including name, telephone number, gender, home address, email address, birth date, medical background, diagnosis and treatment data, dates of service, laboratory test findings, prescription details, medical account number, name of provider, group plan provider, health insurance policy and group plan number, and claim data.

Salusive Health stated it enforced more security steps to stop more breaches, has informed impacted persons and provided complimentary identity theft protection services, and sent a report regarding the cyberattack to the FBI. The incident is not yet published on the HHS’ Office for Civil Rights’ breach site, therefore it is uncertain at this period how many people were affected.

Salusive Health additionally revealed in the breach notification letters that the hard decision was considered to stop clinical operations on May 31, 2022, which will permit patients to pass their chronic care management and remote tracking services back to their primary care doctors. Salusive Health mentioned the choice to end operations is not related to the data security incident.

24,000 Patients Impacted by New Creation Counseling Center Ransomware Attack

New Creation Counseling Center (NCCC) located in Tipp City, OH, has lately begun informing 24,029 patients that some of their PHI were possibly exposed in a recent cyberattack.

NCCC detected a compromise of its IT networks on February 13, 2022 because its users are unable to access files on the network. The center promptly had taken steps to stop more unauthorized access and began an investigation to find out the nature and magnitude of the breach. NCCC affirmed the use of ransomware to encrypt data files and helped third-party cybersecurity specialists with the response and recovery.

NCCC stated that it continued to give health care to patients all the way through and that the ransomware has been removed from its programs. Although the investigation didn’t uncover any proof of information theft, it wasn’t possible to ignore it. An assessment of files on the impacted systems affirmed they included names, telephone numbers, addresses, email addresses, dates of birth, Social Security numbers, medical insurance details, intake forms, clinical releases, and treatment information.

Breach notifications had been mailed to impacted people starting on April 12, 2022, and 12 months of credit monitoring services were provided to patients without cost.

American Dental Association Recovers from Cyberattack

The American Dental Association (ADA) encountered a cyberattack and had to take a lot of its systems offline. The ADA website is presently accessible right now and states that the ADA is suffering from technical problems and that it is being worked on to get its systems working well. Although the website doesn’t present any other facts on the reason behind the technical issues, emails were given to ADA members telling them about the cyberattack.

The letters state that portions of its network were taken off the internet and that ADA email, Aptify, the telephone system, and web chat were all affected. Lots of its online services are inaccessible at the moment; nevertheless, information about the attack was not given at this time.

The ADA mentioned it has reported the cyberattack to authorities and it is checking out the nature and magnitude of the attack and is being helped by third-party cybersecurity experts. The investigation hasn’t found any information on data theft at this period and the level to which its members, dental practices, and other dental establishments were impacted is unknown. Various state dental associations have likewise noted on their websites that technical problems are being suffered, which include the New York and Florida Dental Associations.

Though some information was made public concerning the specific nature of the attack, it has the characteristics of a ransomware attack. As per Bleeping Computer, Black Basta, a new ransomware operation, has stated it is responsible for the cyberattack and has posted some of the stolen information on its data leak webpage. Black Basta states the leaked files is approximately 30% of what was stolen from the ADA and comprise employee details, financial data, and other sensitive records.

Black Basta is a new ransomware group that commenced doing attacks mid-April 2022, with the earliest acknowledged victim being Deutsche Windtechnik, the German wind farm owner. The ransomware encrypts data information utilizing AES+RSA algorithms and adds the .basta extension to encrypted data files. The group says in its ransomware notes that information was stolen and will be publicized on its TOR web page in case the ransom is not paid. The desktop on victim devices is substituted with a graphic with the note, “your network is encrypted by Black Basta group.” A readme.txt file is added on the desktop with details for getting backfiles.

2021 Had Very High Numbers of DDoS Attacks on the Healthcare Sector

A new Comcast Business report shows that 2021 had 9.84 million Distributed Denial of Service (DDoS) attacks reported, which increased by 14% from 2019, albeit somewhat lower than the prior year with 10.1 million attacks.

The minor decline in attacks was because of a few factors. 2020 was a remarkably awful year because it was a complete lockdown year. Employees were working remotely and students were learning from home. Attackers had a distinctive setting that allowed the launch of an unparalleled number of DDoS attacks. The high costs of cryptocurrencies in 2021 meant that numerous threat actors diverted their botnets from performing DDoS attacks to mining cryptocurrencies.

In 2021, 73% of DDoS attacks were carried out on just four industries – government, healthcare, education, and finance. Attackers followed seasonal trends and activities all through the year, with education getting attacked in accordance with the school year, and COVID-19 and vaccine availability encouraged DDoS attacks on the healthcare sector.

Multi-vector attacks rose by 47% in 2021. Comcast Business DDoS Mitigation Services secured clients against 24,845 multi-vector attacks directed at layers 3, 4, & 7 (Network, Transport & Application) at the same time. 69% of Comcast Business users were impacted by DDoS attacks in 2021, increasing by 41% from 2020, and 55% of Comcast Business customers encountered multi-vector attacks aimed at layers, 3, 4, & 7 concurrently. There was additionally a big increase in the number of vectors utilized in multi-vector attacks, growing from 5 in 2020 up to 15 in 2021, with the amplification methods in the attacks escalating from 3 to 9.

DDoS attacks send traffic to victims’ networks to render them unusable, and although attacks are usually performed only for that reason, it is typical for DDoS attacks to be done to distract companies and use resources while the attackers do other nefarious activities. There exists a good link between DDoS attacks and security breaches. Based on a Neustar survey, about half of businesses (47%) that encountered a DDoS attack found a virus within their networks following the attack, 44% stated malware was triggered, 33% claimed a network breach, 32% claimed customer information theft, 15% experienced a ransomware attack, and 11% were affected by financial theft.

The most serious attack that happened in 2021 was a 242 Gbps DDoS attack, which is sufficient to saturate even high bandwidth Ethernet Dedicated Internet (EDI) circuits in just minutes. The extent of attacks has expanded and development has been determined to be where threat actors carry out low-volume attacks to remain under the radar of IT teams and prompt damage on several levels. This strategy can break down website performance, yet the attacks are frequently not noticed by IT groups, who just find out they were targeted when they commence receiving complaints from clients.

DDoS attacks are not costly to execute, costing only a few dollars, though for a couple of hundred dollars massive attacks may be performed that can cripple companies. DDoS attacks could be unbelievably expensive for organizations. The attacks could prevent businesses from reaching their customers and meeting SLAs, and the attacks may lead to damaging financial and reputational harm. In certain instances, the damage is very severe that companies were pressured to permanently close. For organizations that rely on accessibility, every single minute of downtime can result in losses even up to millions of dollars.