SouthCoast Health and Privia Medical Group in Georgia have notified patients about a cyberattack and data breach that occurred in June 2023. Unauthorized activity was identified in South Coast Health’s network on June 18, 2023, and assisted by forensic specialists, it was determined that its network was accessed by an unauthorized third party between June 15 and June 18, 2023. During that time, files on the network were viewed or copied.

South Coast Health confirmed that the intrusion was limited to its own network, with Privia Medical Group’s network unaffected; however, some Privia Medical Group patients did have their information exposed. The substitute breach notice provided to the South Carolina Attorney General does not list the types of data compromised in the attack, but that information is detailed in the individual notifications.

A substitute notice was posted on its website last year warning patients that they may have been affected, but at the time it was unclear how many patients had been affected or the types of data involved. The review of the affected files was not completed until June 13, 2024. South Coast Health said it had strict security measures in place to prevent unauthorized access to its network, but those measures were circumvented. Additional security measures have now been implemented to prevent similar incidents in the future. Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals. The HHS Office for Civil Rights breach portal still shows the interim figure of 501 affected individuals.

Call 4 Health Issues Notifications About March 2024 Cyberattack

Call 4 Health, Inc., a Delray Beach, FL-based medical call center operator and nurse triage service provider, has recently issued individual notifications to individuals affected by a data security incident that occurred on March 20, 2024. Unauthorized network access was detected on May 6, 2024, and immediate action was taken to prevent further unauthorized access.

Third-party cybersecurity experts were engaged to assist with the investigation and confirmed that its network had been hacked, and its systems were accessible for around 6 weeks. In addition to investigating the breach, assistance was provided in securing its digital environment and hardening network security. Call 4 Health also said it will be enhancing its cyber preparedness through additional awareness training and updating its procedures.

In its notice to the Maine Attorney General, Call 4 Health confirmed that the breached data included information related to employment and human resources, with the July 8, 2024 breach report stating that 3,210 individuals had been affected, including 1 Maine resident. The incident was reported to the Department of Health and Human Services on March 17, 2024, indicating the protected health information of 10,434 individuals had been exposed. Complimentary credit monitoring and identity restoration services are being offered to some of the affected individuals.

Clear Spring Health Notifies Patients About Change Healthcare Data Breach

Clear Spring Health, a Miramar, FL-based provider of PPO, HMO, and PDP advantage plans, has notified Medicare beneficiaries that their data may have been compromised in the February 2024 ransomware attack on Change Healthcare. In a website notice, Clear Spring Health explained that Change Healthcare confirmed on or around March 7, 2024, that the attackers had exfiltrated a substantial amount of data in the attack, which had potentially affected one in three Americans.

Change Healthcare is still conducting the document review to determine exactly which individuals have had their data exposed or stolen, and notification letters are expected to be mailed on behalf of its clients by the end of the month. Clear Spring Health said the types of data that may have been exposed include contact information, health insurance information, health information, billing information, and personal information, including Social Security numbers, driver’s license numbers, state ID numbers, and passport numbers. Clear Spring Health has advised the affected Medicare beneficiaries to take advantage of the two years of free credit monitoring services that Change Healthcare is offering.

The post SouthCoast Health; Call 4 Health Notify Patients About Cyberattacks appeared first on The HIPAA Journal.

SouthCoast Health and Privia Medical Group in Georgia have notified patients about a cyberattack and data breach that occurred in June 2023. Unauthorized activity was identified in South Coast Health’s network on June 18, 2023, and assisted by forensic specialists, it was determined that its network was accessed by an unauthorized third party between June 15 and June 18, 2023. During that time, files on the network were viewed or copied.

South Coast Health confirmed that the intrusion was limited to its own network, with Privia Medical Group’s network unaffected; however, some Privia Medical Group patients did have their information exposed. The substitute breach notice provided to the South Carolina Attorney General does not list the types of data compromised in the attack, but that information is detailed in the individual notifications.

A substitute notice was posted on its website last year warning patients that they may have been affected, but at the time it was unclear how many patients had been affected or the types of data involved. The review of the affected files was not completed until June 13, 2024. South Coast Health said it had strict security measures in place to prevent unauthorized access to its network, but those measures were circumvented. Additional security measures have now been implemented to prevent similar incidents in the future. Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals. The HHS Office for Civil Rights breach portal still shows the interim figure of 501 affected individuals.

Call 4 Health Issues Notifications About March 2024 Cyberattack

Call 4 Health, Inc., a Delray Beach, FL-based medical call center operator and nurse triage service provider, has recently issued individual notifications to individuals affected by a data security incident that occurred on March 20, 2024. Unauthorized network access was detected on May 6, 2024, and immediate action was taken to prevent further unauthorized access.

Third-party cybersecurity experts were engaged to assist with the investigation and confirmed that its network had been hacked, and its systems were accessible for around 6 weeks. In addition to investigating the breach, assistance was provided in securing its digital environment and hardening network security. Call 4 Health also said it will be enhancing its cyber preparedness through additional awareness training and updating its procedures.

In its notice to the Maine Attorney General, Call 4 Health confirmed that the breached data included information related to employment and human resources, with the July 8, 2024 breach report stating that 3,210 individuals had been affected, including 1 Maine resident. The incident was reported to the Department of Health and Human Services on March 17, 2024, indicating the protected health information of 10,434 individuals had been exposed. Complimentary credit monitoring and identity restoration services are being offered to some of the affected individuals.

Clear Spring Health Notifies Patients About Change Healthcare Data Breach

Clear Spring Health, a Miramar, FL-based provider of PPO, HMO, and PDP advantage plans, has notified Medicare beneficiaries that their data may have been compromised in the February 2024 ransomware attack on Change Healthcare. In a website notice, Clear Spring Health explained that Change Healthcare confirmed on or around March 7, 2024, that the attackers had exfiltrated a substantial amount of data in the attack, which had potentially affected one in three Americans.

Change Healthcare is still conducting the document review to determine exactly which individuals have had their data exposed or stolen, and notification letters are expected to be mailed on behalf of its clients by the end of the month. Clear Spring Health said the types of data that may have been exposed include contact information, health insurance information, health information, billing information, and personal information, including Social Security numbers, driver’s license numbers, state ID numbers, and passport numbers. Clear Spring Health has advised the affected Medicare beneficiaries to take advantage of the two years of free credit monitoring services that Change Healthcare is offering.

The post SouthCoast Health; Call 4 Health Notify Patients About Cyberattacks appeared first on The HIPAA Journal.

The Florida Department of Health has confirmed to FOX 35 in Orlando that it is investigating a cyberattack. The attack has affected its Vital Statistics System, which is used to process birth and death certificates. The disruption to the system has been causing problems for funeral homes across the state for the past two weeks. Some funeral homes have postponed their services or have been forced to physically visit healthcare providers to get signed copies of death certificates.

The Department of Health has released few details about the attack but this appears to have been a ransomware attack involving the exfiltration of a large volume of data. The RansomHub group claimed responsibility for the attack and said it had stolen around 100 gigabytes of data from the Department and started to leak the stolen data when the ransom was not paid by its deadline of July 1, 2024. The Department of Health has not commented on the validity of the group’s claims nor the extent of any data breach.

The failure to pay the ransom should not have come as a surprise, as Florida amended its State Cybersecurity Act to prohibit state agencies, counties, and municipalities that experience a ransomware attack from paying or otherwise complying with a ransom demand. The ban on ransom payments took effect on July 1, 2022.

There are no reasons to believe that the hacking group’s data theft claims are not genuine. RansomHub has conducted many attacks in the United States, including attacks on healthcare organizations and government departments. The group was also indirectly involved in the February ransomware attack on Change Healthcare, having obtained the data stolen in the attack from a BlackCat ransomware group affiliate after BlackCat performed an exit scam, pocketed the $22 million ransom, and refused to pay the affiliate.

The post RansomHub Claims to Have Stolen and Leaked 100 GB of Florida Department of Health Data appeared first on The HIPAA Journal.