Mark Wilson
Med-Data Settles Data Breach Legal Case Through $7 Million Agreement
Med-Data Inc., a revenue cycle management services provider based in Spring, TX, has reached a $7 million settlement to address all claims arising from a data breach spanning from 2018 to 2019, affecting around 136,000 individuals. Between December 2018 and … Read more
Green Ridge Behavioral Health Faces OCR HIPAA Action After Ransomware Attack
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced the settlement of a ransomware investigation involving Green Ridge Behavioral Health, LLC, a Maryland-based psychiatric practice, highlighting the growing cybersecurity threats facing the healthcare … Read more
BlackCat Ransomware Group Behind Change Healthcare Cyberattack
Change Healthcare, a leading provider of healthcare billing and data systems, finds itself grappling with a severe cybersecurity crisis following the detection of a malicious cyberattack on February 21, 2024. This attack, attributed to the BlackCat ransomware group, has put … Read more
Integris Health Reports 2.39 Million People Impacted by Cyberattack
Integris Health has finished the analysis of the files that were viewed/stolen as a result of a cyberattack in November 2023. It has submitted the breach report to the Department of Health and Human Services (HHS) Office for Civil Rights … Read more
$4.75 Million HIPAA Penalty on Montefiore Medical Center Due to Malicious Insider Incident
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reported the first financial penalty issued in 2024 to settle alleged HIPAA violations. Montefiore Medical Center has consented to pay a $4.75 million penalty to settle the … Read more
Patch for Fortra GoAnywhere Critical Vulnerability and Unauthorized Remote Access Using the ScreenConnect Tool
Fortra has announced a critical vulnerability identified in its GoAnywhere Managed File Transfer (MFT) solution and also issued a patch. Vulnerability CVE-2024-0204 is an authentication bypass bug caused by a path traversal weakness. An unauthenticated user can exploit the vulnerability … Read more
Data Breach Reports by Columbus Regional Healthcare System, Senior PsychCare, and Aria Care Partners
133K Record Data Breach at Columbus Regional Healthcare System Columbus Regional Healthcare System located in Whiteville, NC, has informed the Maine Attorney General about a patient data theft due to a cybersecurity incident. Unauthorized people got access to its system … Read more
Data Breach Reports by Electrostim Medical Services, Meridian Behavioral Healthcare and Network 180
543,000 Electrostim Medical Services Patients Affected by Data Breach The medical device firm Electrostim Medical Services, Inc. in Florida, which is also called EMSI, has reported that it encountered a cyberattack in May 2023 which involved access to sections of … Read more
Cyberattack and Data Breaches at Anna Jaques Hospital, NYC Health + Hospitals, and Corewell Health Business Associate
Anna Jaques Hospital Cyberattack on Christmas Day Anna Jaques Hospital located in Newburyport, MA, encountered a cyberattack on Christmas Day that caused an interruption to its health record system. It was decided to redirect ambulances to other nearby hospitals until … Read more
New York Presbyterian Hospital Pays $300K Fine for Using Website Pixel
New York Presbyterian Hospital has decided to resolve alleged Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule violations by paying the New York Attorney General a $300,000 financial penalty. NYP manages 10 hospitals around New York City and has … Read more
Urgent Action Needed on Citrix Bleed Vulnerability as Ransomware Attacks Increase
Ransomware groups are exploiting a critical vulnerability identified in NetScaler ADS (earlier known as Citrix ADC) and NetScaler Gateway (Citrix Gateway) devices, referred to as Citrix Bleed. On October 10, 2023, Citrix released a security alert concerning the vulnerability and … Read more
Data Breaches Reported by State of Maine, Affinity Legacy, The Charles Lea Center and Detroit Chassis
State of Maine Data Breach Impacts 450,000 Records The State of Maine has reported the theft of the protected health information (PHI) of 453,894 persons in the latest mass exploitation of a zero-day vulnerability in the MOVEit Transfer solution by … Read more
Advisories on Critical ownCloud Vulnerabilities, Critical FortiSIEM Vulnerability and Emotet Malware Threat
HC3 Alerts HPH Sector Regarding Critical FortiSIEM Vulnerability and Ongoing Emotet Malware Threat The Health Sector Cybersecurity Coordination Center (HC3) has alerted healthcare companies that utilize Fortinet’s FortiSIEM platform to fix a critical vulnerability that is probably exploited by malicious … Read more
Guidance on Managing Legacy Medical Devices and Advisory Against Rhysida Ransomware Attacks
FDA Releases Guidance on Managing Legacy Medical Device Cybersecurity Risks The U.S. Food and Drug Administration (FDA) has released a report that recommends how to handle the cybersecurity problems of legacy medical gadgets. Legacy medical gadgets are considered devices that … Read more
Data Breaches at Medical Eye Services, PeakMed, Prospect Medical Services, and 4 More Healthcare Providers
Medical Eye Services Says PHI of 370,000 Patients Stolen in MOVEit Transfer Hack Medical Eye Services, Inc. based in California recently reported the theft of the protected health information (PHI) of 346,828 persons. The PHI was stolen from the MOVEIt … Read more
HIPAA Cases Against Doctors’ Management Services and Wright & Filippis Resolved
Doctors’ Management Services Resolves OCR HIPAA Case for $100,000 The HHS’ Office for Civil (OCR) has consented to resolve an investigation of a ransomware attack and data breach that revealed several potential HIPAA Security Rule violations of Doctors’ Management Services … Read more
Cyberattacks on Westchester Medical Center Health Network, Fellowship Village, Meadville Medical Center, and BHI Energy Health Plan
Westchester Medical Center Health Network (WMCHealth) has encountered a cyberattack that impacted its IT systems. The health network discovered the attack last week. On October 20, 2023, at 10 p.m., all connected systems were shut down. The downtime was estimated … Read more
Data Breaches Reported by Fairfax Oral and Maxillofacial Surgery, Henwood Family Dentistry, Piedmont Healthcare and Surround Care
Fairfax Oral and Maxillofacial Surgery Ransomware Attack Impacts 236,000 Individuals Fairfax Oral and Maxillofacial Surgery based in Virginia has reported the potential compromise of the protected health information (PHI) of around 235,931 persons in a ransomware attack last May 2023. … Read more
Warning Against LokiBot Malware and Increasing Remote Access Software Threats
HHS Publishes Alert Against LokiBot Malware The Health Sector Cybersecurity Coordination Center (hC3) has publicized an Analyst Note regarding LokiBot – one of the most common and persistent malware variants. LokiBot, also known as Loki PWS, has been employed in … Read more
Community First Medical Center Data Breach, AlphV and CommonSpirit Health Ransomware Attack
Community First Medical Center based in Chicago, IL started telling 216,047 patients about a cyberattack that allowed an unauthorized entity to obtain access to its computer system on July 12, 2023. According to the September 26, 2023 breach notification, the … Read more
Advisory on Snatch Ransomware and the Lazarus Group
Feds Release Snatch Ransomware Alert After an Attack on Hospital The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint security alert regarding Snatch ransomware. The Snatch ransomware group carried out … Read more
Health Care Service Corporation and Schneck Medical Center Face Lawsuit
HIPAA Lawsuit Against Schneck Medical Center Resolved Schneck Medical Center based in Seymour, IN has resolved a lawsuit with Attorney General Todd Rokita of Indiana, regarding a ransomware attack and data breach in 2021 that impacted 89,707 Indiana locals. Schneck … Read more
Cyberattacks and Data Breaches Reported by Texas Medical Liability Trust, Bloom Health Centers and Other Healthcare Organizations
60,000 People Impacted by Texas Medical Liability Trust Data Breach The Texas Medical Liability Trust (TMLT) submitted a data breach report to the Maine Attorney General representing itself and its affiliate companies, Physicians Insurance Company, Texas Medical Insurance Company, and … Read more
Finding the Common Causes of Hacking/IT Incidents
The common source of healthcare data breach data is HHS Office for Civil Rights Breach Report. Although it is an important source of data to know the developments in data breaches, the Breach Report has limited scope since it merely … Read more
Sentinel Event Alert and State of External Exposure Management
Joint Commission Issues Guidance on Ensuring Patient Safety After a Cyberattack The Joint Commission has published a Sentinel Event Alert offering guidance on keeping patient safety after a cyberattack. There has been an increase in sophisticated healthcare cyberattacks. The question … Read more
Vulnerabilities Found in 1,900 Citrix NetScaler Devices and Limited Use of Generative AI by Malicious Actors
Malicious Actors Still Limit the Use of Generative AI It is feared that malicious actors will take advantage of generative AI to support their malicious pursuits; nevertheless, the use of generative AI by malicious actors seems to be minimal, definitely … Read more
Data Breaches Reported by Cummins Behavior Health, Redwood Coast Regional Center and Other Healthcare Entities
Data of 4 Million Coloradans Exposed in MOVEit Transfer Attack The Colorado Department of Health Care Policy and Financing (HCPF), which supervises the Medicaid program of the state and the Child Health Plan Plus (CHP+) program, has just reported the … Read more
Top Industries Targeted by Cyber Threat Actors and 2022’s Most Often Exploited Vulnerabilities
Top Targets for Cyber Threat Actors According to Blackberry’s most recent Global Threat Intelligence Report, the two most attacked sectors are healthcare and financial services. The information for the report was gathered between March and May 2023 from its cybersecurity … Read more
VUMC and Norton Healthcare Face Class Action Lawsuit
Class Action Lawsuit Filed Against Norton Healthcare Over BlackCat Cyberattack Norton Healthcare based in Kentucky operates over 140 clinics and hospitals all across Kentucky and Southern Indiana. It is confronted with a class action lawsuit in association with a cyberattack … Read more
Approved Information Blocking Penalties and the Mission of OSHA
Approved Final Rule for Information Blocking Penalties of Up to $1 Million for Health IT Companies HHS-OIG already approved the civil monetary penalties for health IT companies that are found engaging in information blocking. Penalties of as much as $1 … Read more
Delaware’s Comprehensive Data Privacy Law and HSCC’s Coordinated Healthcare Incident Response Plan Template
Comprehensive Data Privacy Law Passed by the Delaware Legislature The Delaware legislature passed a comprehensive new data privacy law. Delaware Governor John Charles Carney Jr is likely to sign the Personal Data Privacy Act making Delaware the 12th U.S. state … Read more
Cyberattacks at Precision Imaging Centers, Atrium Health Wake Forest Baptist, Marshall & Melhorn, and Murfreesboro Medical Clinic & SurgiCenter
Precision Imaging Centers located in Jacksonville, FL recently informed 31,010 patients with regards to a security breach that took place on or about November 2, 2022. Unauthorized persons acquired access to its system and extracted files that contain sensitive patient … Read more
Final Rule on Cyber Incident Disclosures and New Nevada Consumer Health Data Bill
SEC Postpones Final Rule on Cyber Incident Disclosures The Securities and Exchange Commission (SEC) was scheduled to release a final rule, mandating publicly traded companies to disclose important cyber breaches in their regulatory filings within four days of discovering a … Read more
New MOVEit Zero-Day Vulnerability, Critical Vulnerability in VMware Aria Operations for Networks, and CISCO AnyConnect Secure Vulnerability
Progress Software Alerts of New MOVEit Zero-Day Vulnerability – Quick Action Necessary Progress Software has released an alert concerning a new vulnerability identified in its MOVEit Transfer file transfer software program. It is an exploit that is available in the … Read more
Lawsuit Against Blackbaud and the New Limits of the Identity Theft Legislation
Blackbaud Had No Common Law Duty to Protect the Confidentiality of Trinity Health’s Records An Indiana district court judge has decided in support of the plaintiff in a lawsuit that alleged negligence for not preventing a breach of protected health … Read more
Trends in Data Breaches According to the 2023 Verizon Data Breach Investigations Report
Trends in Data Breaches According to the 2023 Verizon Data Breach Investigations Report Verizon 2023 DBIR: Rising Social Engineering Attacks While Ransomware Plateaus The Verizon 2023 Data Breach Investigations Report (DBIR) was published to offer insights into the present threat … Read more
Latest News About Cyberattacks and Email Account Compromise on Healthcare Providers
Ohio Hospital Exposed Nurses and Other Staff to Workplace Violence The Occupational Safety and Health Administration (OSHA) has confirmed that a children’s hospital based in Columbus, Ohio didn’t sufficiently safeguard healthcare staff from violence in the workplace. Patients assaulted nurses … Read more
Revised Pennsylvania Breach of Personal Information Notification Act and New StopRansomware Guide
The 2022 change to the Pennsylvania Breach of Personal Information Notification Act (BPINA) is currently in force. The revision extended the definition of personal data adding medical data, medical insurance details, and usernames along with a security question/answer or a … Read more
The BianLian Ransomware Group and Vulnerabilities on Illumina Sequencing InstrumentsIllumina Sequencing Instruments
FBI and CISA Warn About BianLian Ransomware and Extortion Group The Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory with regard to the BianLian ransomware and … Read more
SuperCare’s Proposed Data Breach Settlement and the Lawsuit Against University of Iowa Hospitals and Clinics
SuperCare Offers to Pay $2.25 Million to Resolve Data Breach Lawsuit SuperCare, a home care service provider in California, has offered to pay $2.25 million to settle a class action lawsuit associated with a 2021 hacking incident wherein the protected … Read more
Lawsuits Against One Brooklyn Health, 90 Degree Benefits, and Lehigh Valley Health Network
One Brooklyn Health Faces Lawsuit Over 235K-Record Data Breach One Brooklyn Health based in New York City manages three acute care hospitals, namely Interfaith Medical Center, Brookdale Hospital Medical Center, and Kingsbrook Jewish Medical Center. A class-action lawsuit has been … Read more
Recent Data Breaches Reported by Santa Clara Family Health Plan and Other Healthcare Organizations
Santa Clara Family Health Plan Encountered a Clop GoAnywhere Hack On March 30, 2023, Santa Clara Family Health Plan reported a 276,993-record data breach to the HHS’ Office for Civil Rights that was a result of a Clop ransomware group … Read more
Arizona Veterans’ Healthcare Facility Exposed Staff to Potentially Fatal Conditions and Other Data Breaches Reported
The investigation of an Arizona Department of Veteran Affairs (VA) healthcare facility showed that workers were put at risk because they were exposed to potentially fatal hazards on steam lines. Workers were permitted to do work on the steam lines … Read more
Proposed HIPAA Privacy Rule Update and CISA’s Updated Zero Trust Maturity Model
The HHS’ Office for Civil Rights has issued a Notice of Proposed Rulemaking (NPRM) concerning a HIPAA Privacy Rule update to reinforce the protection of privacy for reproductive health information. The proposed revision is in response to the decision of the Supreme … Read more
Health-ISAC Report on Present and Upcoming Cyber Threats to the Healthcare Industry
Ransomware and phishing are still the biggest concerns in terms of cybersecurity for healthcare providers based on Health-ISAC’s Current and Emerging Healthcare Cyber Threat Landscape report for February 2023. The joint report by Booz Allen Hamilton Cyber Threat Intelligence (CTI) … Read more
How the Federal Government Can Strengthen Healthcare Cybersecurity
The U.S. Senate Committee on Homeland Security and Governmental Affairs conducted a hearing to look at cybersecurity threats to the healthcare industry, what healthcare companies and the federal government are doing to overcome those risks, and know what the federal … Read more
Lehigh Valley Health Network and Maternal & Family Health Services Face Lawsuit Over Ransomware Attack
Lehigh Valley Health Network (LVHN) is facing a lawsuit om association with its latest BlackCat ransomware attack. The attack resulted in the encryption of files after exfiltrating data as is common in ransomware attacks; nevertheless, the attack was distinct because … Read more
Data Breaches Reported by Dental Health Management Solutions, Nursing Rehab Centre, The Chautauqua Center, Northeast Surgical Group, and White Bird Clinic
Dental Health Management Solutions Alerted Patients About Historic Data Breach Dental Health Management Solutions (DHMS) based in Cedar Park, TX provides the military/government and private individuals with dental services. It recently reported the exposure of the protected health information (PHI) … Read more
DoppelPaymer Ransomware Core Members and Medicare Beneficiary Identifier Theft Conspirator Arrested
DoppelPaymer Ransomware Core Members Arrested in Europol-Driven Operation Two persons alleged of being key DoppelPaymer ransomware group members were detained — one by the police in Germany and another by the Ukrainian Police officers and Ukraine German Regional Police. It … Read more
HPH Sector Warned Against Clop Cyberattacks and MedusaLocker Ransomware Attacks
At the beginning of February, attackers exploited a zero-day vulnerability (CVE-2023-0669) found in Fortra’s GoAnywhere MFT secure file transfer software on over 130 companies, which include a few companies in the healthcare sector, for instance, Community Health Systems (CHS) in … Read more