Threat Actors Time Attacks to Coincide with Periods of Reduced Vigilance

Thanksgiving weekend is just a few days away, and while many healthcare employees will be enjoying time off work, it will be a particularly busy time for cybercriminals. Many hacking and ransomware attacks occur over Thanksgiving weekend when staffing levels are lower, and fewer eyes are monitoring for indicators of compromise.

The high level of ransomware attacks during holiday periods has recently been confirmed by the cybersecurity firm Semperis, which reports that in the United States, 56% of ransomware attacks occur on a weekend or holiday, and 47% of ransomware attacks on healthcare organizations occur during these times when staffing levels are reduced.

“Threat actors continue to take advantage of reduced cybersecurity staffing on holidays and weekends to launch ransomware attacks. Vigilance during these times is more critical than ever because the persistence and patience attackers have can lead to long-lasting business disruptions,” said Chris Inglis, the first U.S. National Cyber Director and Semperis Strategic Advisor.

The Semperis 2025 Ransomware Holiday Risk Report is based on an analysis of responses to a detailed global ransomware survey of 1,500 IT and security professionals conducted in the first half of the year by Censuswide. The survey suggests that ransomware groups research their targets and time their attacks to coincide with material corporate events such as mergers, acquisitions, IPOs, and layoffs, and exploit the organizational disruption and reduced security focus during these events. “Organizations are under intense pressure to sustain operations while transforming their form and protocols during an IPO or merger, and cannot afford downtime, making them more likely to pay quickly to restore operations,” said Inglis. “During these times, it is critical to remain vigilant and situationally aware that bad actors may be lurking, looking to plant ransomware.”

In healthcare, 96% of organizations maintain a security operations center, with 80% managing it in-house and 20% outsourcing to a third-party vendor. During weekends and holiday periods, 73% of healthcare organizations reduce their SOC staffing levels by 50% or more, and 5% of organizations said they eliminate their SOC staffing entirely on weekends and holidays. The main reasons given for reducing or eliminating staffing levels were to improve work/life balance (63%), the organization being closed during holidays and weekends (43%), and not expecting an attack to take place (36%).

Smaller organizations were the most likely to cut or eliminate SOC staffing levels on weekends and during holiday periods because they thought they would be unlikely to be attacked. While reducing staffing levels to give employees weekends and holidays off is all well and good, there is no time off for hackers. If internal staffing levels are to be reduced, there must be adequate monitoring, staff on call, or a third-party vendor providing cover.

There has been a marked increase in organizations bringing their SOC in-house, up 28 percentage points from last year, which has coincided with a 30 percentage point increase in staffing levels below 50% during holidays and weekends to maintain a better work/life balance. The reason for the shift in bringing SOCs in-house was not explored in the study, but there could be several factors at play.

“Being able to see what’s happening might enable organizations to pivot and adapt faster based on changing operations, business needs, and regulatory reporting requirements,” Courtney Guss, Semperis Director of Crisis Management, said. “The ROI of outsourcing also seems to be shifting as AI begins to handle some Tier 1 work, leaving the more complex work for SOC analysts.”

The survey also probed respondents on their identity infrastructure and the methods used for protection. The majority (90%) scan for vulnerabilities, although only 38% have vulnerability remediation procedures, and only 63% automate recovery. Concerningly, 10% of respondents said they do not have an identity threat detection and response strategy.

“One of the most effective ways to defend against ransomware attacks is by tightening identity systems, most commonly Active Directory, Entra ID, and Okta,” former Australian Prime Minister Malcolm Turnbull said. “These are the digital keys that determine who can access what within an organization. In nearly every major ransomware incident, weak or compromised credentials have been the initial entry point. Strengthening identity systems is therefore not just good practice but a critical line of defense.”

The post Threat Actors Time Attacks to Coincide with Periods of Reduced Vigilance appeared first on The HIPAA Journal.

Goshen Health & Hancock Health Settle Pixel Data Breach Lawsuits

Goshen Health System and Hancock Health in Indiana have agreed to settle class action lawsuits that alleged patients’ protected health information was disclosed to unauthorized third parties via website tracking technologies.

Goshen Health Hospital Data Breach Settlement

On May 23, 2023, a class action lawsuit – Kaitlin Lamarr v. Goshen Health System, Inc. d/b/a Goshen Health Hospital – was filed in the Elkhart County Superior Court, Indiana, against Goshen Health System, doing business as Goshen Health Hospital, over the use of tracking technologies on its website. The lawsuit alleged that these tools, which included Meta Pixel, disclosed patients’ personally identifiable information to Meta and other unauthorized third parties without patients’ knowledge or permission.

The lawsuit asserted claims of negligence, invasion of privacy, breach of implied contract, unjust enrichment, breach of fiduciary duty, and violations of the Indiana Deceptive Consumer Sales Act and the Indiana Wiretapping Act. Goshen Health Hospital denies any wrongdoing, disagrees with the claims and contentions in the lawsuit, and believes that it would have prevailed at summary judgment and/or trial; however, after considering the uncertainty, risks, and expense of proceeding with the litigation, it was more desirable and beneficial to settle the litigation. The plaintiff and class counsel believe that the settlement negotiated with the defendant is reasonable and fair and is in the best interests of the class.

The class consists of individuals who logged into the Goshen Health patient portal between January 1, 2020, and December 31, 2023. Under the terms of the settlement, class members are entitled to submit a claim for a one-off cash payment of $25, and will automatically receive a code to enroll in a Privacy Shield Pro product, which includes dark web watchlist, VPN in touch, password scan, private search functionality, password defense, digital vault, and data broker opt-out services.

The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for December 16, 2025. The deadline for submitting a claim is November 29, 2025.

Hancock Regional Hospital Data Breach Settlement

A similar lawsuit – Jennifer Fleece v. Board of Trustees of Hancock Regional Hospital – was filed against Hancock Regional Hospital in the Marion County Superior Court, Indiana, over the use of tracking technologies on its website, which were alleged to have impermissibly disclosed patients’ protected health information to Meta and other third parties without patients’ knowledge or consent.

The lawsuit asserted claims of negligence, negligence per se, invasion of privacy, breach of implied contract, unjust enrichment, breach of fiduciary duty, and violations of the Indiana Deceptive Consumer Sales Act. Hancock Regional Hospital maintains that there was no wrongdoing and disputes that it committed, or threatened or attempted to commit, any wrongful act, omission, or violation of law or duty alleged in the lawsuit, and while believing it had a good defense against all of the asserted claims, determined that a settlement was the best course of action. The plaintiff and class counsel believe the settlement is fair.

The settlement class consists of individuals who logged into the patient portal between January 1, 2020, and December 31, 2023. Claims may be submitted for a one-off $25 cash payment, and class members who submit a claim will receive a code to enroll in a Privacy Shield Pro product, which includes dark web watchlist, VPN in touch, password scan, private search functionality, password defense, digital vault, and data broker opt-out services. The final fairness hearing has been scheduled for December 18, 2025, and claims must be submitted by December 1, 2025.

The post Goshen Health & Hancock Health Settle Pixel Data Breach Lawsuits appeared first on The HIPAA Journal.