
Michigan's Largest Healthcare Facility Confirms Ransomware Attack

 

One of Michigan's top healthcare systems acknowledged that it is dealing with a ransomware attack after a notorious hacking group boasted about the incident.

A McLaren HealthCare representative stated that the organisation had discovered unusual behaviour on its computer network and started an investigation right away.

“Based on our investigation, we have determined that we experienced a ransomware event. We are investigating reports that some of our data may be available on the dark web and will notify individuals whose information was impacted, if any, as soon as possible,” a spokesperson stated. 

McLaren runs 13 hospitals in Michigan, as well as infusion centres, cancer centres, primary and specialised care offices and a clinical laboratory network. The company employs over 28,000 people and has a wholly owned medical malpractice insurance company.

The company reported issues affecting billing and electronic health record systems earlier this month. According to the Detroit Free Press, McLaren was forced to shut down the computer network at 14 different locations, a situation that became so dire that staff were forced to communicate via personal phones. 

McLaren has “retained leading global cybersecurity specialists to assist in our investigation, and we have been in touch with law enforcement. We have also taken measures to further strengthen our cybersecurity posture with a focus on securing our systems and limiting disruption to our patients and the communities we serve,” the spokesperson said. 

The spokesperson added that systems "remain operational," but did not answer questions about whether billing and record systems were operational again. They did not specify whether or not a ransom would be paid. 

The Black Cat/AlphV ransomware gang claimed responsibility for the attack in a post on its leak site last Friday morning.

The group, who initially did not name the organisation before adding McLaren's name hours later, claimed to have acquired 6 TB of data, which allegedly included millions of people's personal information as well as videos of the hospitals' operations.

The Michigan Department of Emergency Management and Homeland Security, as well as the governor's office, did not reply to queries for comment on whether the corporation was receiving expertise. 

BlackCat has made a practice of going after healthcare facilities, triggering outrage earlier this year when it attempted to extort a Pennsylvania hospital network by posting images of breast cancer patients. It claimed responsibility for an attack on NextGen Healthcare, a technology company, in January.

The group grabbed headlines worldwide two weeks ago when it attacked MGM Resorts, damaging six major Las Vegas casinos and paralysing slot machines, ATMs, and other machinery. 

The attack on McLaren comes just one month after another major U.S. hospital network was targeted by ransomware hackers. This week, the epidemic of ransomware attacks on hospitals reached Congress. House members held a hearing on the matter and heard testimony from various people who had battled hackers. 

Stephen Leffler, president of one of Vermont's leading healthcare organisations, spoke to Congress about his experience dealing with a 2020 ransomware assault and cautioned that even with their extensive security measures, they were still affected.

“This really is an arms race. As we have all seen in the news over the past few 3 years, the cybercriminals and actors are getting increasingly sophisticated, and so this important work to protect our systems will never be fully finished,” Leffler stated.

LockBit Attack: Ransomware Gang Threatens to Leak Cancer Patients’ Medical Data


The LockBit ransomware group recently revealed its intent to leak private medical data of cancer patients, stolen in a breach of Varian Medical Systems.

Varian, a subsidiary of Siemens Healthineers, provides software for oncology department applications and specializes in therapeutic and diagnostic oncology services. The California-based corporation had more than 10,000 employees as of 2021 and an annual profit of £269 million.

While it is still unclear how LockBit got access to Varian's systems or how much data was stolen, the ransomware gang warned readers of its "victim blog" that if the company did not meet its demands within two weeks, its private databases and patient medical data would soon be made public. Apparently, Varian has until 17 August to meet the negotiation demands in order to restore its stolen data, if it wishes to avoid ‘all databases and patient data’ being exposed on LockBit’s blog.

The attack is most likely to be a part of ‘triple extortion,’ a strategy usually used by ransomware actors. The strategy involves a three-part attack on an organization that starts with the theft of data that appears to be sensitive before it is encrypted. The corporate victim of the breach can only get their data back and keep it private if they pay a ransom, following which they will receive – in theory – a decryption key from the hackers. 

Regarding the breach, Siemens Healthineers, Varian’s parent company, confirmed that an internal investigation is ongoing. However, it did not provide any further details of the breach.

“Siemens Healthineers is aware that a segment of our business is allegedly affected by the Lockbit ransomware group[…]Cybersecurity is of utmost importance to Siemens Healthineers, and we are making every effort to continually improve our security and data privacy,” said a spokesperson.

Growing Cases of LockBit

Recent months have seen many cyberattacks conducted by LockBit against major companies. According to a report by the US Cybersecurity and Infrastructure Security Agency, in the first quarter of 2023, the ransomware gang has already targeted 1,653 companies. The group frequently repurposed freeware and open-source tools for use in network reconnaissance, remote access, tunnelling, credential dumping, and file exfiltration.

Examples of companies hit by LockBit include its recent campaign against the port of Nagoya, which stalled supply chains for Japanese automobile company Toyota; a campaign against SpaceX, in which the ransomware gang claims a haul of 3,000 proprietary schematics; and an attempt to extort $70 million from Taiwanese chip maker TSMC.

NextGen Data Breach, Personal Data of 1.5M Patients Hacked



NextGen Healthcare, the US-based electronic health record company, has recently revealed that it suffered a breach of its systems in which hackers stole the personal data of more than one million patients, including roughly 4,000 individuals from Maine.

NextGen Healthcare claimed in a letter to those impacted that hackers stole the names, birthdates, addresses, and Social Security numbers of patients.

"Security, in all its forms, is a top priority for NextGen Healthcare. When we learned of the incident, we took steps to investigate and remediate, including working together with leading outside cybersecurity experts and notifying law enforcement. The individuals known to be impacted by this incident were notified on April 28, 2023, and we have offered them 24 months of free fraud detection and identity theft protection," company spokesperson Tami Andrade stated.

Regarding the information compromised in the data breach, the company said that its “investigation has revealed no evidence of any access or impact to any of your health or medical records or any health or medical data.” However, when asked whether the company has any means, such as records, to ascertain what data has been exfiltrated, Andrade declined to respond.

While reporting the issue to the Maine attorney general’s office, the firm noted that it was alerted to the suspicious activity on March 30. It further discovered that hackers had gained access to its networks between March 29 and April 14, 2023. According to the notification, the attackers used client credentials that "appear to have been stolen from other sources or incidents unrelated to NextGen" to log into its NextGen Office system, a cloud-based EHR and practice management solution.

Prior to this incident, in January, NextGen had suffered a ransomware attack, reportedly conducted by the ALPHV ransomware gang (also known as BlackCat). Fragments of data stolen in the attack, such as employee names, addresses, phone numbers, and passport scans, were apparently listed on ALPHV’s dark web leak site.

US Healthcare Startup Brightline Impacted by Fortra GoAnywhere Assaults

 

A firm providing virtual mental health services for children is the latest victim of the widespread ransomware campaign targeting Fortra's GoAnywhere file transfer platform, which has spread its effects even further.

The American healthcare behemoth Blue Shield of California confirmed, in a data breach notice filed with the Maine attorney general's office, that data from one of its providers, Brightline, that was housed in its GoAnywhere file transfer platform had been taken. Threat analysts identified Brightline as a potential victim of the mass breach last week. Brightline offers online coaching and therapy for kids.

The breach notification verified that hackers—perhaps members of the Russia-linked Clop ransomware gang who claimed to have infiltrated over a hundred businesses via an unreported security flaw—accessed and possibly exfiltrated the personal information of over 63,000 patients. 

The group has announced that they will release the data taken from Brightline "soon" on Clop's dark web leak site, which they use to expose the stolen material absent payment of a ransom.

Brightline has not yet publicly acknowledged the breach on its website or on social media. John O'Connor, a representative for Brightline, declined to comment on TechCrunch's inquiries, although he did not deny that the hack affected 63,000 people. The number of young Brightline customers who are impacted is unknown.

According to Blue Shield's breach report, the patient names, addresses, dates of birth, gender, Blue Shield subscriber ID numbers, phone numbers, e-mail addresses, plan names, and plan group numbers were all compromised. 

Brightline is not the only healthcare provider among the 130 firms affected by the Clop group. US Wellness, a provider of corporate health and wellness initiatives, also acknowledged that hackers had gained access to user personal information including names, addresses, dates of birth, and member ID numbers.

Because of the severity of the Fortra vulnerability's effects on healthcare institutions, the U.S. government's health sector cybersecurity coordination centre, or HC3, issued a warning in February to help companies prepare for Clop's attacks. 

The City of Toronto, Investissement Québec, and Virgin Red are among the ever-expanding list of victims the group is known to have targeted outside of healthcare institutions. 

Virgin Red was contacted by Clop and, according to Jodie Burton, learnt that hackers had "illegally gotten some Virgin Red files via a cyber-attack on our provider, GoAnywhere." Although Fortra had promised them that their data was secure, TechCrunch has heard from other victims who, like them, only discovered that data had been taken after receiving a ransom demand.

Ransomware Attacks on U.S. Hospitals Causing Deaths

Ransomware attacks now occur every day, and companies worldwide are investing millions to protect their networks and systems from digital attacks. However, it is getting increasingly challenging to fight cyber threats because attackers do not only use traditional methods; they are also inventing advanced technologies to fortify their attacks.

Hospitals and clinics are a top target of malicious attackers. The annual number of ransomware attacks against U.S. hospitals virtually doubled from 2016 to 2021 and, given its pace, is likely to rise in the future, according to recent research from JAMA Health Forum.

As per the report, the security breaches exposed the sensitive information of an estimated 42 million patients. “It does seem like ransomware actors have recognized that health care is a sector that has a lot of money and they're willing to pay up to try to resume health care delivery, so it seems to be an area that they're targeting more and more,” lead researcher Hannah Neprash said.

JAMA Health Forum's research on U.S. medical facilities, conducted over five years, found that attackers exposed a large volume of personal health data over time and that attacks will increase substantially in the coming years.

According to Neprash’s database, clinics were targeted in 58% of attacks, followed by hospitals (22%), outpatient surgical centers (15%), mental health facilities (14%), and dental offices (12%). 

Threat actors exploit open security vulnerabilities, infecting a PC or a network through a phishing attack or malicious websites, and then ask for a ransom to be paid. Unlike in other cyber attacks, the goal of the malicious actors here is to disrupt operations rather than to steal data.

When health organizations are targeted, however, this becomes a serious threat because it can jeopardize patient outcomes.

In 2019, a baby died during a ransomware attack at Springhill Medical Center in Mobile, Ala. As per the data, 44% of the attacks disrupted care delivery, sometimes by more than a month. 

“We found that along a number of dimensions, ransomware attacks are getting more severe. It's not a good news story. This is a scary thing for health care providers and patients,” Neprash added. 

The Ponemon Institute, an information technology research group, published a report in September 2021 which found that one out of four healthcare delivery organizations reported that ransomware attacks are responsible for an increase in deaths.

“Health care organizations need to think about and drill on — that is practice — these back-up processes and systems, the old-school ways of getting out information and communicating with each other. Unfortunately, that cyber event will happen at one point or another and it will be chaos unless there is a plan,” said Lee Kim, senior principal of cybersecurity and privacy with the Healthcare Information and Management Systems Society, in Chicago.

NHS 111 Cyberattack may Harm Patients' Privacy



On Thursday, the software firm Advanced, which supplies patient data to numerous trusts and the majority of NHS 111 providers in England, suffered a cyber attack. Several NHS systems, notably Carenotes, which is used to store patient records, experienced an outage that affected mental health and community services across the nation.

Carenotes has not yet been restored 22 days after the outage. On August 17, a hospital in Birmingham informed its staff that restoration might take an additional five weeks. The experts said that once Carenotes is back up, it will likely take two weeks for every day under current predictions, indicating that full recovery might take longer than a year.

After Carenotes went down, patient safety concerns were raised about mental health and community trust workers not being able to access records. According to experts, there have already been instances where staff members have been unable to access patient records, resulting in patients not receiving the proper dosage of their medications.

The staff is also at risk; when you step outside, you never know who might be in danger. Authorities claimed that you cannot create reports for the court based on the Mental Health Act. Last Monday, the staff at Birmingham Children's Hospital, which manages children's mental health services, was informed that the problem might not be solved for an additional five weeks.

Hackers are requesting money in exchange for not disclosing private information, leaving the NHS without access to essential services in the interim. The hackers stole GP notes and patient data.

As part of its winterization efforts, the NHS recently stated it would increase the number of 111 call takers. "Politicians and NHS England need to recognize that mental health trusts are working with complicated and high-risk patients, who have a higher risk of mortality," one physician in the east of England said.

The Advanced Carenotes EPR program, which contains mental health records, was also hacked by criminals. Staff members are currently in a very desperate situation, according to the affected mental health trusts, since they are still unable to access crucial patient details.





73,500 Patients' Data was Compromised in a Ransomware Attack on a Singapore Eye Clinic

 

The personal data and clinical information of roughly 73,500 patients of a private eye clinic were hit by a ransomware attack earlier this month, the third such occurrence in a month. Names, addresses, identity card numbers, contact information, and clinical information such as patients' clinical notes and eye scans were among the data, according to Eye & Retina Surgeons (ERS) on Wednesday. 

The clinic, however, stated that no ransom has been paid and that no credit card or bank account information has been obtained or compromised. The compromised IT systems at the clinic are not connected to the ministry's IT systems, such as the National Electronic Health Record, and there have been no similar cyber-attacks on MOH's IT systems, according to the Ministry of Health. 

The ministry also requested ERS to look into the issue, conduct a thorough evaluation of its systems, and collaborate with the Cyber Security Agency (CSA) to "take prompt mitigation efforts to enhance its cyber defences."

"Following this incident, MOH will be reminding all its licensed healthcare institutions to remain vigilant, strengthen their cybersecurity posture, and ensure the security and integrity of their IT assets, systems, and patient data. It is only through the disciplined maintenance of a safe and secure data and IT system that healthcare professionals will be able to deliver accurate and appropriate care, and uphold patient safety," the MOH said. 

The clinic's IT system has recently been restored "securely," with IT experts performing "thorough" system checks, reformatting servers, and running anti-virus scans on all computer terminals. The ERS stated that it had taken steps to prevent the situation from happening again. It is currently telling patients about the cyber-attack.

Following the ERS ransomware incident, identical problems occurred at insurer Tokio Marine Insurance Singapore and IT firm Pine Labs. According to a recent study from Singapore's Cyber Security Agency (CSA), there were 89 ransomware cases reported to the agency last year, up from 35 cases in 2019. The assaults mostly targeted small and medium-sized businesses in the manufacturing, retail, and healthcare sectors. 

To encourage all licensed healthcare providers to set up and continually assess their security protections, impose new measures, and apply best practices to secure their IT systems and endpoints, the MOH issued the Healthcare Cybersecurity Essentials guidelines in August.

Over 30 Thousand Patient Records Exposed; Third-Party Breach To Blame




Cybercriminals recently hit another healthcare target. Managed Health Services (MHS) of Indiana Health Plan recently went public about a third-party data breach that exposed the personal details of 31,000 patients.


This breach was the result of one of the two security incidents that the institution had to face.



The organization runs two major healthcare programs: Indiana’s Hoosier Healthwise and Hoosier Care Connect Medicaid.


MHS was informed about the breach by one of its vendors. The notification concerned someone having illegitimately gained access to employees’ email accounts.


Disconcertingly, according to the reports, the unauthorized access occurred between July and September of last year.


During the investigation initiated by MHS, it was found that patients’ personal data, including their names, insurance ID numbers, dates of birth, dates of services provided and addresses, were all potentially exposed.


As the investigation unfolded, it was discovered that the incident was caused by a phishing attack on the vendor’s system.


The vendor took rapid steps to counter the attack with the aid of a computer forensics company.


Some of the information in the affected email accounts was left exposed to access. The compromised email accounts were the main source of the information.


Phishing is the easiest way to harvest personal data, and a phishing attack anywhere in the chain can affect everyone involved.


As a result of the overall effect on the chain, 31,000 people were affected and had their data exposed.


Reportedly, this is the fourth attack on health plans in the last month alone.


Such an attack makes it evident that the healthcare industry badly needs better management and cybersecurity systems.