Orrick, Herrington & Sutcliffe, the San Francisco-based company revealed last week that that during an attack in March 2023, threat actors stole personal information and critical health data of more than 637,000 data breach victims.
Orrick said that the hackers had taken massive amounts of data from its systems related to security incidents at other organizations, for which he provided legal assistance, in a series of letters notifying those impacted of the data breach.
Orrick informs that the data involved in the breach involved its customers’ data, including those with dental policies with Delta Dental, a major healthcare insurance network that covers millions of Americans' dental needs, and those with vision plans with insurance company EyeMed Vision Care.
The company further added that it had contacted with the U.S. Small Business Administration, the behavioral health giant Beacon Health Options (now Carelon), and the health insurance provider MultiPlan that their data was also exposed in Orrick's data breach.
Apparently, the stolen data includes victims’ names, dates of birth, postal address and email addresses, and government-issued identification numbers, such as Social Security numbers, passport and driver license numbers, and tax identification numbers. Also, information about patient’s medical treatment and diagnosis details, insurance claim like date and service-charges, and healthcare insurance numbers and provider details have been compromised.
Orrick further says that credit or debit card details as well as online account credentials were also involved in the breach.
Since the initial announcement of the breach, the number of affected individuals have been on the rise. In its recent breach notice, Orrick states that it “does not anticipate providing notifications on behalf of additional businesses,” however the company did not specify how it came to this conclusion.
Orrick said in December to a federal court in San Francisco that it reached a preliminary settlement to end four class action lawsuits that claimed Orrick failed to disclose the breach from victims for months after it had occurred.
“We are pleased to reach a settlement well within a year of the incident, which brings this matter to a close, and will continue our ongoing focus on protecting our systems and the information of our clients and our firm,” added Orrick’s spokesperson.
The hospitals, part of the Valley Health System, include Centennial Hills, Desert Springs, Spring Valley, Summerlin, and Valley.
“So big question, how many people does it affect?” says Shannon Wilkinson, Chief Executive Officer for Tego Cyber.
Wilkinson runs a firm based in Las Vegas, that deals with cyber threats, he adds, “There’s one thing that I recommend that everybody does, and that is if you are not actively trying to get a loan, or get credit cards, or buy a car. Lock your credit.”
ESO, the company that suffered the data breach, is a third-party vendor that supplies software and other services to Valley Health's emergency medical services. One of the major concerns in regards to the breach is the timeline of when ESO detected the breach and when this news reached the online audience and the ones affected.
With respect to the issue, Valley Health System stated, “Letters were mailed to potentially affected individuals beginning on December 12, 2023.”
ESO notes that the firm detected the incident around September 28, following which they notified their “business associate” of the issue on October 27.
Wilkinson stated that if hospitals have to shut down systems, these breaches may have an impact on patient care.
He notes that there is a direct link between hospital mortality and ransomware attacks, which target cyberspace, indicating that following a cyberattack like this, hospitals witness a rise in the death rate. However, Valley Health System confirms that the breach has not affected its emergency care.
ESO further notes that it has taken all measures to prevent the data from getting leaked further. Moreover, ESO shared details of the measures that the victims of their data breach can take.
ESO informs that the affected individual can contact its helpline between the hours of 9:00 a.m. to 6:30 p.m. Eastern Time, Monday through Friday, excluding holidays. The company has urged the data breach victims to call ESO’s helpline at (866) 347-8525 with their queries, or even to confirm if they were affected.
The hackers claim to have stolen 500GB of medical data dating back to 2022. The 700,000 documents purportedly contained patient medical and personal data, including disease types and prescribed medication.
Last weekend, the hacker group involved in the attack – Malek Team – after attacking the hospital, began releasing documents that included the ones containing data from the Israel Defense Force (IDF) on their Telegram channel.
While the hackers did not disclose when exactly they attacked the hospital, a warning was released last week by the Israeli National Cyber Directorate regarding an incident affecting Ziv Medical Center's computer systems.
The warning read, “The incident has been identified and contained without disrupting or affecting various systems and the operation of the medical center.” Taking precautions, the hospital temporarily took down its email server and some of its computer systems.
The security team has conducted an investigation on the issue, however, findings have yet to be released as of yet to ascertain whether or not there was an information leak.
Israel’s newspaper The Jerusalem Post reported that this was not the first time Ziv Medical Center has fallen victim to a cyberattack. The hospital had suffered two other cyber incidents in four months. Local media outlets reported that Ziv's systems appeared to have leaked information, which was admitted by both the hospital and the Israeli privacy protection body.
Israeli officials have said that they are pursuing charges against those connected to the incident and have forbidden the use, transfer, or distribution of any information that has been disclosed.
Along with Israeli tech and media organizations, Malek Team also claimed responsibility for cyberattacks on other targets in Israel, such as Ono Academic College, which was previously targeted earlier in October.
In their ventures, the hackers have leaked several data pieces, including videos of university classes and admission interviews with students. Also, scans of victims’ passports and documents have also been released. However, the authenticity of this data has not been confirmed.