
2 Doctors in Hong Kong Arrested for Leaking Patient Data


Two doctors at a Hong Kong public hospital were arrested on charges of accessing computers with dishonest or criminal intent, allegedly involved in a data leak. According to police superintendent Wong Yick-lung, a 57-year-old consultant and a 35-year-old associate consultant from Tseung Kwan O Hospital were arrested in Ho Man Tin and Fo Tan, respectively.

Officers seized computers and other records; the pair is in police custody. On Sunday, the hospital announced the alleged leak, but did not disclose the exact details at that time. The hospital’s chief executive, Dr. Kenny Yuen Ka-ye, said that the data of a few patients had been given to a third party. An internal complaint a month ago prompted the investigation.

According to Dr Ka-ye, the hospital found at least one doctor who accessed the patient’s personal data without permission. The hospital believes that documents containing information about other patients might also have been exposed to the third party. Police said experts are working to find out more details concerning the number of patients impacted by the incident.

While the investigation is ongoing, the consultant has tendered his resignation and the associate consultant has been suspended. At the time of writing this story, the motivation behind the attack is not known. According to Yuen, every doctor has access to the clinical management system that holds patient information, but its use is only permitted on a strict “need-to-know” basis, for research purposes or as part of the medical team taking care of a patient.

The investigation revealed that the two doctors didn’t fit into either category, which was a violation. According to a source who spoke to SCMP, the two doctors (both members of the surgery department) sent details of a female pancreatic cancer patient who died after a surgical operation.

The pair illegally accessed the information and sent it to the family, asking them to file a complaint against the doctor who performed the operation. This was done to show the doctor’s alleged incompetence.

The hospital has sent the case to the Office of the Privacy Commissioner for Personal Data, and has also reported the incident to the police and the Medical Council.

Hospital Notifies victims of a one-year old data breach, personal details stolen


Hospital informs victims about data breach after a year

Wayne Memorial Hospital in the US has informed 163,440 people about a year-old data breach that took place in May 2024 and exposed details such as names, Social Security numbers, user IDs and passwords, financial account numbers, credit and debit card numbers, expiration dates and CVV codes, medical history, diagnoses, treatments, prescriptions, lab test results and images, health insurance, Medicare and Medicaid numbers, healthcare provider numbers, state-issued ID numbers, and dates of birth.

Initially, the hospital informed only 2,500 people about the attack in August 2024. Ransomware group Monti took responsibility for the attack and warned that it would leak the data by July 8, 2024.

Ransom and payment

Wayne Memorial Hospital, however, has not confirmed Monti’s claim. As of now, it is not known whether the hospital paid a ransom, what amount Monti demanded, why the hospital took more than a year to inform victims, or how the threat actors compromised the hospital infrastructure.

According to the notice sent to victims, “On June 3, 2024, WMH detected a ransomware event, whereby an unauthorized third party gained access to WMH’s network, encrypted some of WMH’s data, and left a ransom note on WMH’s network.” The forensic investigation by WMH found evidence of unauthorized access to a few WMH systems between “May 30, 2024, and June 3, 2024.”

The hospital has offered victims one year of free credit monitoring and fraud assistance via CyberScout. The deadline to apply is three months from the date of the notice letter.

What is the Monti group?

Monti is a ransomware gang that shares similarities with the Conti group. It was responsible for the first breach in February 2023. The group, however, has been active since June 2022. Monti is infamous for abusing software bugs like Log4Shell. Monti encrypts target systems and also steals data. This pushes victims to pay a ransom in exchange for deleting the stolen data and restoring the systems.

To date, Monti has claimed responsibility for 16 attacks. Out of these, two attacks hit healthcare providers. 

Monti attacks on health care providers

In April 2023, Avezzano Sulmona L’Aquila (Italy) reported a ransomware attack that resulted in large-scale disruption for a month. Monti asked for a $3 million ransom for the 500 GB of stolen data. ASL denies paying the ransom.

Excelsior Orthopedics informed 394,752 people about a June 2024 data compromise.

DaVita Faces Ransomware Attack, Disrupting Some Operations but Patient Care Continues

 

Denver-headquartered DaVita Inc., a leading provider of kidney care and dialysis services with more than 3,100 facilities across the U.S. and 13 countries, has reported a ransomware attack that is currently affecting parts of its network. The incident, disclosed to the U.S. Securities and Exchange Commission (SEC), occurred over the weekend and encrypted select portions of its systems.

"Upon discovery, we activated our response protocols and implemented containment measures, including proactively isolating impacted systems," DaVita stated in its SEC filing.

The company is working with third-party cybersecurity specialists to assess and resolve the situation, and has also involved law enforcement authorities. Despite the breach, DaVita emphasized that patient care remains ongoing.

"We have implemented our contingency plans, and we continue to provide patient care," the company noted. "However, the incident is impacting some of our operations, and while we have implemented interim measures to allow for the restoration of certain functions, we cannot estimate the duration or extent of the disruption at this time."

With the investigation still underway, DaVita acknowledged that "the full scope, nature and potential ultimate impact on the company are not yet known."

Founded 25 years ago, DaVita reported $12.82 billion in revenue in 2024. The healthcare giant served over 281,000 patients last year across 3,166 outpatient centers, including 750+ hospital partnerships. Of these, 2,657 centers are in the U.S., with the remaining 509 located in countries such as Brazil, Germany, Saudi Arabia, Singapore, and the United Kingdom, among others. DaVita also offers home dialysis services.

Security experts warn that the scale of the incident could have serious implications.

"There is potential for a very large impact, given DaVita’s scale of operations," said Scott Weinberg, CEO of cybersecurity firm Neovera. "If patient records were encrypted, sensitive data like medical histories and personal identifiers might be at risk. DaVita has not reported data exfiltration, so it’s not clear if data was stolen or not."

Weinberg added, "For dialysis patients needing regular treatments to survive, this attack is extremely serious. Because of disrupted scheduling or inaccessible records, this could lead to health complications. Ransomware disruptions in healthcare may lead to an increase in mortality rates, especially for time-sensitive treatments such as dialysis."

The breach may also bring regulatory challenges due to DaVita’s international footprint.

"Regulations can differ with respect to penalties and reporting requirements after a breach based on the country and even the state in which the patients live or were treated," said Erich Kron, security awareness advocate at KnowBe4.

"A serious cybersecurity incident that affects individuals in multiple countries can be a legal nightmare for some organizations," Kron said. "However, this is something that organizations should plan for and be prepared for prior to an event ever happening. They should already know what will be required to meet regulatory standards for the regions in which they operate."

In a separate statement to Information Security Media Group, DaVita added, "We have activated backup systems and manual processes to ensure there's no disruption to patient care. Our teams, along with external cybersecurity experts, are actively investigating this matter and working to restore systems as quickly as possible."

This cyberattack mirrors similar recent disruptions within the healthcare industry, which continues to be a frequent target.

"The healthcare sector is always considered a lucrative target because of the serious sense of urgency whenever IT operations are disrupted, not to mention potentially disabled," said Jeff Wichman, director of incident response at Semperis. "In case of ransomware attacks, this serves as another means to pressure the victim into paying a ransom."

He added, "At this time, if any systems administering dialysis have been disrupted, the clinics and hospitals within DaVita’s network are most certainly operating machines manually as a last resort and staff are working extremely hard to ensure patient care doesn’t suffer. If any electronic machines in their network are down, the diligence of staff will fill the gaps until electronic equipment is restored."

DaVita joins a growing list of specialized healthcare providers facing cybersecurity breaches in 2025. Notably, Community Care Alliance in Rhode Island recently reported a hack that impacted 115,000 individuals.

In addition, DaVita has previously disclosed multiple health data breaches. The largest, in July 2024, affected over 67,000 individuals due to unauthorized server access linked to the use of tracking pixels in its patient-facing platforms.

Rise in Cyberattacks, Healthcare Industry Top Victim



Hospitals in Merseyside, including Arrowe Park Hospital in the Wirral, are facing significant disruptions following a cyber attack on the Wirral University Teaching Hospital Trust. Outpatient appointments have been canceled, and patients have been advised to avoid visiting the A&E department unless in a medical emergency. 

A spokesperson for the Trust confirmed, “A major incident was declared yesterday for cyber security reasons and remains ongoing. Our business continuity processes are in place, and our priority remains ensuring patient safety. We apologize for any inconvenience and will contact patients to reschedule canceled appointments.” 

Rising Cyber Threats to Healthcare   


The breach has also affected staff, who are struggling to access electronic records, highlighting the increasing frequency of cyber attacks on healthcare systems in the UK and globally. Research by KnowBe4 shows that the global healthcare sector faced an average of 1,613 attacks per week during the first three quarters of 2023 — four times higher than the global average.   

Earlier in 2024, a cyber attack on Kings College Hospital Foundation forced the shutdown of critical operations due to a breach at blood test supplier Synnovis.   

In recent years, similar incidents have plagued the UK healthcare system:   

- A ransomware attack on Barts NHS Trust by the Russian BlackCat gang resulted in the theft of 7TB of sensitive data.   
- In February 2023, NHS Dumfries and Galloway faced a breach compromising patient and staff information.   

In response to these escalating threats, the National Data Guardian (NDG) and NHS England introduced a new cyber resilience framework in September 2023. Dr. Nicola Byrne, National Data Guardian, stated that the framework provides organizations with a "current and evolving approach to enhance data protection and cyber resilience."

Why Cybercriminals Keep Targeting the NHS: Insights into the Latest Attack

 


In a statement released on 3 June, NHS England confirmed that the patient data managed by the company Synnovis for blood testing was stolen in a ransomware attack. In an attempt to extort money from Synnovis, a group of Russian cybercriminals called Qilin shared almost 400GB of personal information on their darknet site on Thursday night, as they had threatened to do. There is no evidence to indicate that test results have been published, according to a statement issued by NHS England. However, the company said that investigations are still ongoing.

In a shocking recent development, the NHS has announced that it has been the victim of a major cyber attack targeting a company known as Synnovis. Synnovis, formerly known as Viapath, offers pathology services to hospitals across the country. It is a partnership between Guy’s and St Thomas NHS Foundation Trust and King’s College Hospital NHS Foundation Trust. It is possible that millions of items of sensitive health information belonging to NHS patients across England could have been compromised by the attack, which happened on June 22nd.

On Monday 3 June, Synnovis, a pathology partnership between Guy's and St Thomas' NHS Foundation Trust, King's College Hospitals NHS Trust and SYNLAB, suffered a ransomware cyber attack that disrupted its operations. There is no denying that this attack has been one of the worst in the history of medicine in the UK. It has resulted in an extremely significant decrease in the number of tests that can be processed and reported to clinical teams. King's College Hospital and Guy's and St Thomas Hospital have postponed a total of 1,134 elective procedures and 2,194 outpatient appointments since 3 June.

In the wake of the attack, which was allegedly perpetrated by a Russian criminal gang, Qilin has posted over 400GB of sensitive data to a darknet site. Among the data are names, dates of birth, NHS numbers, and descriptions of blood tests that were performed. A spreadsheet detailing financial arrangements between hospitals, general practitioners, and Synnovis was also found. Qilin has also claimed to have carried out the attack as a ‘protest’ but declined to give any further details about their political affiliation or location.

Synnovis, a partnership between two London hospitals and SYNLAB providing pathology services, has recently been the victim of a cyberattack. In the past week, a group has claimed responsibility for the attack and published information online, Synnovis said in a press release. There have been no indications that the Laboratory Information Management System (LIMS) databases, which are crucial for supporting lab operations and storing patient test requests and results, have been compromised, or that they are available online.

An analysis of the stolen data by the BBC revealed that it included the names of patients, birth dates, NHS numbers, and descriptions of blood tests. The attack has been described as the "most significant and harmful cyber attack ever committed in the United Kingdom." Business account spreadsheets detailing the financial arrangements between hospitals, GP services, and Synnovis were also found. Ransomware hackers infiltrated the company's computer systems, which are used by two NHS trusts in London, and encrypted vital information, leaving its IT systems unusable.

The cybercriminals also downloaded as much information as possible to further extort the company for a ransom payment, as is often the case in such attacks. Neither Synnovis nor the hackers have disclosed how much money the hackers requested from Synnovis, nor have negotiations been held between the two organizations. Qilin, however, has published some, and possibly all, of the data, which suggests that Synnovis has not paid. In an encrypted message sent to the BBC, the attackers explained that they were targeting Synnovis intentionally to punish the UK for not participating enough in an unspecified war.

NHS England said in its statement that it continues to work closely with Synnovis and the National Crime Agency. A helpline has been established by NHS England for people affected by the attack and the organisation will continue to share updates, but "investigations of this type are complex and take time to complete." Within the NHS, these systems are used to securely transfer patient data from one part of the healthcare system to another, which raises serious questions about the safety and privacy of the data shared across the system. Officials at the National Health Service (NHS) are scrambling to assess the extent of the breach and find out exactly what information may have been exposed.

The authorities have given assurances that need-to-know services will remain fully operational for the time being, but some non-urgent appointments and services may need to be rescheduled to ensure the secure restoration of the affected systems. According to Synnovis, all affected systems have been taken offline as a precautionary measure, and the company is investigating the incident in partnership with the National Cyber Security Centre; the NHS is also investigating. Many do not understand how such a crucial part of the NHS' digital infrastructure could be left vulnerable to such a heinous attack, and a few have made a suggestion. As cyber security threats become increasingly sophisticated, there is growing concern about whether the NHS is capable of protecting itself from these threats.

A call to action has been issued urging people to be more vigilant and to immediately report any suspicious communications they receive claiming to be from the NHS. It is becoming more obvious every day that the scale and impact of this unprecedented attack on England's health service are far from being known, but public confidence in the NHS's ability to keep personal data secure is at stake as more details emerge. In the last few months, the attack has sent shockwaves through the healthcare sector and beyond. Identifying impacted individuals can be a complicated process, and the investigation can take up to a week to complete. Meanwhile, local health systems have collaborated to ensure that patients' health impacts are managed promptly, that urgent blood samples are processed and that historical health records are accessible by laboratories.

Ransomware Attacks in Healthcare: A Threat to Patient Safety


A ransomware attack on a major U.S. hospital network has been endangering patients’ health. Nurses are forced to manually enter prescription information and work without electronic health records. Cyberattacks have become an alarming concern for healthcare institutions worldwide.

The recent ransomware attack on Ascension Providence Rochester Hospital in the United States highlights the critical need for robust cybersecurity measures within the healthcare sector.

The incident

The hospital’s computer systems were compromised by malicious actors who infiltrated their network. The attackers deployed ransomware, encrypting critical files and rendering electronic health records (EHRs) inaccessible. Suddenly, nurses were navigating a chaotic environment where paper records replaced digital ones. The impact was immediate and far-reaching.

Patient safety at risk

  • Manual Processes: Nurses were forced to revert to manual processes for tasks that were previously automated. Prescription orders, patient histories, and treatment plans had to be recorded on paper. This shift disrupted workflows, increased administrative burden, and introduced the risk of errors.
  • Delayed Care: With EHRs offline, accessing patient information became time-consuming. Nurses had to physically search for records, leading to delays in providing care. In emergencies, every second counts, and any delay could jeopardize patient well-being.
  • Medication Errors: Manually transcribing medication orders is error-prone. Misreading handwritten notes or mistyping dosage instructions can have serious consequences. Patient safety hinges on accurate and timely administration of medications, and the ransomware attack disrupted this critical process.
  • Communication Challenges: Collaborating with physicians, pharmacists, and other healthcare professionals became challenging. Without EHRs, nurses struggled to share vital patient information efficiently. Effective communication is essential for coordinated care, and the attack hindered this aspect.

The broader implications

  • Financial Impact: Beyond patient safety, the financial toll of ransomware attacks is substantial. Hospitals must allocate resources to recover data, strengthen security, and address vulnerabilities. These costs divert funds from patient care and research.
  • Public Trust: Patients rely on hospitals to safeguard their sensitive information. A breach erodes trust and raises privacy concerns. Hospitals must transparently communicate such incidents to maintain public confidence.
  • Preventive Measures: Healthcare institutions must prioritize cybersecurity. Regular security audits, employee training, and robust backup systems are essential. Proactive measures can prevent attacks or minimize their impact.

Healthcare organizations must invest in cybersecurity infrastructure, collaborate with experts, and stay vigilant. Patient safety is non-negotiable, and protecting it requires a collective effort. Let us learn from this event and fortify our defenses against cyber threats in the healthcare sector.