Group Health Cooperative of South Central Wisconsin (GHC-SCW) has notified 533,809 patients about a January cyberattack. In the early hours of January 25, 2024, an unauthorized third party accessed its network and attempted to use ransomware to encrypt files. GHC-SCW said the file encryption was not successful; however, while containing the attack and securing its systems, some of its systems were temporarily made unavailable. Third-party cybersecurity experts were engaged to investigate the incident and on February 9, 2024, evidence was uncovered that indicated the attacker had copied certain files from the network before attempting encryption. The attacker also made contact with GHC-SCW and claimed responsibility for the attack and confirmed that data had been exfiltrated from its network. The attacker, a foreign ransomware group, demanded payment to delete the stolen data. GHJC-SCW did not state whether the ransom was paid.

The review of the affected files confirmed that they contained the following types of patient information: Member/patient name, address, telephone number, e-mail address, date of birth and/or date of death, Social Security number, member number, and Medicare and/or Medicaid number.  The types of data involved varied from individual to individual. At the time of issuing notification letters, no evidence had been uncovered suggesting any stolen data had been misused or further disclosed.

GHC-SCW said it notified the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) about the attack and has been working with those agencies to mitigate any harm that may result from the incident. GHC-SCW said cybersecurity measures have been enhanced across all systems and networks to reduce the risk of similar incidents in the future, including strengthening existing privacy and security controls, data backup processes, user training and awareness, and other measures. Affected patients have been offered a one-year membership to a credit monitoring service at no cost.

The post Group Health Cooperative of South Central Wisconsin Ransomware Attack Affects 533K Patients appeared first on HIPAA Journal.

The Medusa ransomware group has leaked data stolen from American Renal Associates. Moffitt Cancer Center has been affected by a cyberattack on a vendor, and Family Health Center in Michigan and Zuckerberg San Francisco General Hospital have reported the exposure of patient data.

American Renal Associates

American Renal Associates (ARA), one of the largest providers of dialysis services in the United States and a provider of care for patients suffering from end-stage renal disease has experienced a Medusa ransomware attack. The ransomware attack has yet to be announced by ARA, but the Medusa ransomware group has leaked data allegedly stolen in the attack. The attack occurred on March 2, 2024, and affected hundreds of computers.

According to an analysis of the leaked data by Marco A. De Felice, around 5TB of data was stolen by the Medusa group including the protected health information of an estimated 37,700 patients. The leaked data includes patient names, dates of birth, phone numbers, email addresses, medical records, Social Security numbers, copies of passports and driver’s licenses, health insurance information, and company data.

Moffitt Cancer Center

Moffitt Cancer Center in Florida has announced that it has been affected by a security incident at one of its vendors. The law firm, Gunster, Yoakley, and Stewart, was provided with patient data in connection with legal services provided to Moffitt Cancer Center. Hackers gained access to the law firm’s network and may have obtained data such as names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, other government-issued identification numbers, financial account information, and medical information, including medical records numbers, health insurance benefit information, claims data, and diagnosis and treatment information.

The law firm started notifying affected individuals in April 2023; however, as the investigation progressed, it became clear that other individuals had been affected. Further notification letters were mailed in the following months, with Moffitt Cancer Center patients notified in April 2024. It is currently unclear how many Moffitt Cancer Center patients have been affected.

Family Health Center

Family Health Center in Kalamazoo, MI, has announced that it fell victim to a cyberattack that caused network disruption and impacted the functionality and access of certain systems. Prompt action was taken to contain the attack and prevent further unauthorized access on January 25, 2024, when the breach was detected and a third-party cybersecurity firm was engaged to conduct a forensic investigation.

The investigation uncovered evidence of unauthorized access to files that contained patient information. The review of those files confirmed that they contained employee information such as names, addresses, health insurance information, and Social Security numbers, and patient information such as first names, last names, and medical information. Family Health Center has reported the breach to the HHS’ Office for Civil Rights as affecting 3,240 individuals and said it has taken steps to improve security, including expanding multi-factor authentication and increasing monitoring of its network for suspicious activity.

Zuckerberg San Francisco General

Zuckerberg San Francisco General in California has announced that a medical logbook went missing in December 2023 that contained patient information. The logbook contained patient data from January 11, 2022, to December 12, 2023, including names, dates of birth, genders, medical record numbers, visit dates, dates of specimen collection, reason for specimen collection, whether a result was received, and other types of health information.

At the time of the announcement, no reports had been received to indicate any misuse of patient data. Zuckerberg San Francisco Hospital is reviewing its policies and procedures and is providing additional security awareness training to employees. The incident has been reported to the HHS’ Office for Civil Rights, but it is not yet shown on the OCR breach portal, so it is unclear how many individuals have been affected.

The post Medusa Ransomware Group Leaks Data Stolen from American Renal Associates appeared first on HIPAA Journal.