Cyber Attacks on R1 RCM Medical Collection Agency and Beaumont Health

One of the biggest medical debt collection companies in the US encountered a ransomware attack. R1 RCM in Chicago, earlier known as Accretive Health Inc., made $1.18 billion in earnings in 2019 and works with over 750 healthcare customers. The number of clients impacted by the attack is uncertain at this time.

Brian Krebs of Krebs on Security reported the breach recently. R1 RCM affirmed the ransomware attack, which caused the shutdown of its systems. Attempts of restoration are still in progress.

There is no information issued concerning the type of ransomware utilized in the attack and it is uncertain if the attackers stole patient information before file encryption. Krebs mentioned that Defray was used in the ransomware attack. Defray ransomware typically spreads through emailing malicious Word files in small, targeted campaigns. The threat actors using this ransomware had attacked education and healthcare verticals in the past.

In 2019, American Medical Collection Agency (AMCA), also a medical debt collection agency, encountered a ransomware attack. Before data encryption, the attackers stole about 27 million records. The AMCA incident was the 2019’s biggest data breach. The attack demanded a big cost forcing AMCA into bankruptcy. Having a lot more customers than AMCA, this R1 RCM ransomware attack could likely be much bigger, though it is not yet known if the culprits behind this Defray ransomware stole data before encrypting files.

6,000 Patients Affected by Beaumont Health Phishing Attack

Beaumont Health, the biggest healthcare system in Michigan, began informing 6,000 patients concerning the potential access of some of their protected health information (PHI) by unauthorized people due to a phishing attack.

Unauthorized people acquired access to several employee email accounts from January 3, 2020 to January 29, 2020. Beaumont Health found out on June 5, 2020 that one or more of the compromised email accounts comprised patient information. The following data might have been included: names, birth dates, diagnosis codes, diagnoses, procedures performed, treatment holiday area, treatment type, medication details, Beaumont medical record numbers and patient account numbers. Beaumont Health notified the impacted patients regarding the incident on July 28, 2020.

This is Beaumont Health’s second data breach report that is related to a phishing attack in 2020. In April, the health system informed 112,000 people regarding a phishing attack that happened in 2019. After the attacks, Beaumont Health took important steps to enhance email security, such as enhancing its multi-factor authentication software program, completing a risk analysis, and giving more training and education to Beaumont staff about identifying and managing malicious emails. The internal policies and procedures likewise had alterations to determine and remediate potential threats to reduce the possibility of the same event happening later on.