Texas and Idaho Healthcare Providers Suffer Thanksgiving Day Cyberattacks

Cyber actors often time their attacks to coincide with holiday periods, especially Thanksgiving weekend, when IT staffing levels are likely to be reduced, which increases the probability of accessing networks and exfiltrating data undetected. This year is no exception. A medical center in Idaho and an East Texas health system have announced that they are currently investigating potential cyberattacks that started on Thanksgiving Day. The nature of the attacks has not yet been disclosed and, at such an early stage in the investigations, it is unclear if patient data has been exposed or stolen.

UT Health East Texas, Texas

Tyler, TX-based UT Health East Texas, the operator of 10 hospitals and more than 90 healthcare clinics in East Texas, has confirmed that it experienced a network outage on Thursday, November 24, 2023. Steps were immediately taken to lock down its network to prevent any further unauthorized access. Without access to critical IT systems, ambulances were put on divert; however, care continues to be provided to patients with the health system operating under established downtime procedures. A statement was issued by a UT Health East Texas spokesperson saying network access is expected to be restored in around 24-36 hours, although it is currently unclear if that has happened.

Portneuf Medical Center, Idaho

Portneuf Medical Center in Pocatello, ID, has launched an investigation into a possible cyberattack and data breach that was detected on November 24, 2023. The attack resulted in a network outage, and the decision was taken to put the emergency room on divert status until access to its network was restored. The medical center is operating under established downtime procedures and says patient care has been unaffected.

Three Further Healthcare Providers Added to Hacking Group Data Leak Sites

Three healthcare providers have recently been added to the data leak sites of hacking groups.

Vanderbilt University Medical Center, Tennessee

Vanderbilt University Medical Center (VUMC), which operates seven hospitals and many healthcare facilities in and around Nashville, TN, has confirmed an investigation has been launched into a recent cyberattack. While the nature of the cyberattack has not yet been disclosed, VUMC has confirmed that a database was compromised in the attack, although the preliminary results of the investigation indicate neither patient nor employee data were stolen in the attack.

On November 24, 2023, VUMC was added to the Meow Leaks data leak site, along with 7 (non-healthcare) victims. The listing indicates the attack occurred on November 2, 2023. The group claims to have leaked 100% of the stolen data and has threatened to hack VUMC again if the ransom is not paid.

Crystal Lake Health Centers, Michigan

Crystal Lake Health Centers, the operator of 11 health centers in Michigan, has recently been added to the Hunters International data leak site. The listing includes a sample of 47.5 MB of data as evidence of the attack, and the group claims to have exfiltrated 120 GB of data in total, including patient information such as contact details, SSNs, and insurance data. Hunters International is primarily a data theft and extortion group; however, it has recently acquired the infrastructure and source code of the now-defunct Hive ransomware group.

Granger Medical Clinic, Utah

Granger Medical Clinic in Riverton, UT, was added to the data leak site of the NoEscape ransomware group on November 24, 2023. It is not clear from the listing when the attack occurred, but it appears that the clinic entered into negotiations before refusing to pay the ransom. The group claims to have exfiltrated 38 GB of data and has published screenshots as proof of the attack. The NoEscape group claims to have successfully encrypted data on the network and exfiltrated employee data and patient data, including names, contact information, more than 2,000 passports, and tens of thousands of SSNs. The group demanded payment of $700,000 to prevent the release of the stolen data.

The medical clinic has not yet announced the ransomware attack and data breach but has posted a notice on its website warning about emails that claim to be from Granger Medical Clinic about employment opportunities. The notice says communications would only come from @GRANGERMEDICAL.COM, @SEND.APPLICANTEMAILS.COM, or @APPLICANTEMAIL.COM, and that the clinic would never ask for payment in relation to job opportunities. It is unclear if this scam is related to the ransomware attack.

The post Texas and Idaho Healthcare Providers Suffer Thanksgiving Day Cyberattacks appeared first on HIPAA Journal.

Mission Community Hospital Alerts Patients About May 2023 Cyberattack

Mission Community Hospital, an acute care hospital serving the patients of the San Fernando Valley in California, has started notifying patients that some of their personal and protected health information was exposed in a May 2023 cyberattack.

Unauthorized access to its network was discovered on May 1, 2023, and the forensic investigation determined that an unauthorized third party accessed its network the same day, including files that contained patient data. The review of the files revealed they contained names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account information, health insurance plan member IDs, claims data, and clinical information related to the care received at Mission Community Hospital.

Affected individuals have been offered a complimentary one-year membership to a credit monitoring and identity theft protection service. Mission Community Hospital said it has implemented additional safeguards and technical security measures to further protect and monitor its systems. The HHS’ Office for Civil Rights breach portal still shows the placeholder of 500 records in a report submitted on June 30, 2023. 500 is a commonly used placeholder to meet breach reporting requirements until the number of individuals affected is known.

The breach notification letter did not include details about the nature of the attack other than stating “files containing some of your information may have been subject to unauthorized access”; however, this appears to have been a ransomware attack. The RansomHouse ransomware group claimed responsibility for the attack and has added Mission Community Hospital to its dark web data leak site. In the listing, the group claims to have exfiltrated “more than 2.5 TB” of data. The listing has a downloadable evidence pack, which consists of screenshots of its file system that appear to have been taken on April 16, 2023, around two weeks before unauthorized access was detected. The HIPAA Journal has confirmed that no data is currently showing on the listing, only the screenshots, which could indicate that the data has been sold per the group’s threat or that the group is still holding out for payment. Listings are usually removed from data leak sites if a ransom is paid.

RansomHouse was behind a 2023 attack on Warren General Hospital, the listing for which is still on the group’s data leak site along with evidence packs, although there has been no data dump so far. Warren General Hospital recently reported the breach to OCR as affecting 168,921 individuals. A March 2023 attack on Albany ENT & Allergy Services is also listed, which includes a full data dump. According to the OCR breach portal, 224,486 patients of Albany ENT were affected by the attack.

The post Mission Community Hospital Alerts Patients About May 2023 Cyberattack appeared first on HIPAA Journal.