Data Breaches Due to Cyberattack in PillPack, Fertility Specialists Medical Group, CommonSpirit Health, and IMA Financial Group

19,000 Customer Accounts Compromised in PillPack Cyberattack

PillPack, the online pharmacy owned by Amazon, has recently begun notifying 19,000 customers that their protected health information (PHI) was compromised in a cyberattack that occurred in April. PillPack detected unauthorized customer account activity on April 3, 2023. The investigation showed that customer accounts were viewed by an unauthorized third party from April 2 to April 6, 2023. The breached accounts included names, telephone numbers, addresses, and email addresses. Roughly 3,600 accounts also contained prescription data.

According to the forensic investigation, the attacker did not steal the usernames and passwords used to access the accounts. Most likely, the credentials were taken from a breach at another platform where the same usernames and passwords were used. Credential-stuffing attacks of this kind are possible only because usernames and passwords are reused across several platforms. PillPack hasn’t received any report of misuse of customer information, and the types of data in the accounts are not sufficient to be used for identity theft. Nevertheless, breach victims may be targeted by phishing attacks that attempt to obtain more information. PillPack stated that the breach only affected PillPack and mailed notification letters to impacted persons.

9,400 Patients Affected by Fertility Specialists Medical Group Cyberattack

Fertility Specialists Medical Group (FSMG), based in Carlsbad, CA, recently found out that unauthorized persons gained access to its system and possibly obtained the PHI of 9,437 current and former patients. FSMG detected the network attack on March 20, 2023, and started a third-party forensic investigation to determine the nature and extent of the attack. The investigation ended on April 21, 2023, and revealed that an unauthorized person gained access to the system and possibly obtained files that contain first and last names, birth dates, and medical data. A number of the impacted persons also had their Social Security numbers compromised. FSMG had not received any report of misuse of the compromised information when notifications were sent.

FSMG stated that IT experts checked the security of its systems and that it will regularly review its data security measures to prevent similar incidents in the future. The healthcare provider offered free credit monitoring and identity theft protection services to all impacted persons.

Fortra GoAnywhere Hack Impacts Northwest Health – La Porte

Northwest Health – La Porte, located in Indiana, recently reported the compromise of the PHI of 10,256 patients during the series of attacks by the Clop ransomware group from January 28, 2023 to January 30, 2023. The attackers took advantage of a zero-day vulnerability in Fortra’s GoAnywhere file transfer software and extracted information, which they used in their efforts to extort money from affected individuals.

Fortra stated that it has already blocked unauthorized access and has rebuilt the file transfer platform with the vulnerability patched. It offered the affected persons ID restoration and credit monitoring services for the period of time established by state legislation.

PHI Possibly Exposed in IMA Financial Group, Inc. Cyberattack

IMA Financial Group, Inc., an integrated financial services firm based in Wichita, KS, has reported the potential theft by unauthorized persons of the PHI of 2,937 persons associated with IMA or its customers.

IMA detected suspicious system activity on October 19, 2022. It took immediate steps to protect its systems and engaged a third-party cybersecurity company to investigate the incident. According to the investigation, unauthorized persons accessed IMA data and potentially stole that information on October 19, 2023.

The data analysis revealed on March 10, 2023 that the potentially stolen files in the attack contained PHI including names, birth dates, driver’s license information, Social Security numbers, other government ID numbers, medical data, and/or claim-related data. Updated contact data is needed to begin sending notification letters on April 19, 2023.

$160 Million Cost of Ransomware Attack

CommonSpirit Health has given a current estimate of the cost of the October 2022 ransomware attack, which is likely to go up to $160 million. CommonSpirit Health detected the ransomware attack on October 2, 2022 and took its systems offline. The attack impacted more than 100 current and former CommonSpirit establishments in 13 states. According to the forensic investigation, hackers initially gained access to its system on September 16, 2022, and were blocked on October 3, 2022. The attackers took information from two file servers, but they failed to access its health record system. The stolen data included the PHI of approximately 624,000 patients.

CommonSpirit Health manages 143 hospitals and about 2,300 healthcare establishments in 22 states. It is the second-biggest non-profit health system in America. In the first quarter, CommonSpirit’s total revenue was $8.3 billion for the 3 months up to March 31, 2023. Its total revenue was $25.6 billion for the nine months up to March 31. In the first quarter of 2023, CommonSpirit reported $648 million in operating losses and $1.1 million in losses for the 9 months to March 31. The healthcare provider’s net losses were $231 million for the 3-month period and $445 million for the 9-month period because of better investment profits. CommonSpirit stated the ransomware attack didn’t have any effect on the operating results of the present quarter.

The ransomware attack was at first estimated to cost about $150 million; however, another $10 million in expenses was added to that amount. The higher cost accounts for lost income because of business disruption, costs incurred containing the ransomware attack, and other company-associated expenses. In a meeting with investors, CommonSpirit said that the majority of the $160 million is likely to be recovered from underwriters, though recovery of the expenses is likely to take some time. CommonSpirit additionally pointed out in its quarterly report that there’s a pending class action lawsuit associated with the ransomware attack and data breach. The lawsuit was filed in December 2022 in X. It alleges that CommonSpirit failed to apply reasonable and appropriate security measures to secure patient information. The lawsuit seeks injunctive relief, compensation for the plaintiff and class up to $5 million, and legal expenses.