Actor steals data from 500,000 patients during an eye clinic ransomware attack

Patients undergo an eye exam at a free clinic. Earlier this year, a ransomware attack on an Iowa-based ophthalmology clinic led to the access and potential theft of data belonging to 500,000 patients (Photo courtesy of John Moore / Getty Images).

A ransomware attack on Iowa-based Wolfe Eye Clinic earlier this year led to the potential access and theft of data belonging to 500,000 patients. The cyberattack first occurred in February, but the complexity and scope of the incident were not determined until May 28.

The security team observed an unauthorized individual trying to access the network on February 8 and moved quickly to protect the network. External IT security specialists and investigators were hired to assist with a forensic review of the scope of the incident, but no conclusions were reached until June 8.

The investigation revealed that the attacker had accessed, and in some cases stolen, patient-specific information such as names, contact details, dates of birth, and Social Security numbers. Medical and health information was affected for some patients.

All affected patients will receive one year of free identity monitoring. Wolfe Eye Clinic has since implemented additional safeguards to enhance security.

Ohio Medicaid Provider Data Exposed in Vendor Hack

Maximus, a business process services vendor for government health and welfare institutions, recently reported that data from 334,000 Ohio Medicaid and managed care plan providers was compromised during a hack on one of its servers on May 19.

The affected server contained providers' personal information used by Maximus for credentialing and taxpayer number purposes. Upon discovering the unauthorized access, the security team quarantined the server and contracted with a third-party forensic company to identify the scope of the incident.

The investigation found that the hack started two days before it was discovered. This gave the attacker access to provider names, dates of birth, SSNs, and Drug Enforcement Administration numbers. No patient data was accessed during the attack. All affected providers will receive two years of free credit monitoring.

45,000 patients affected by Prominence health insurance hack

An estimated 45,000 current and former members of Prominence Health Plan were recently notified that their data was compromised during a hack of the insurance company's data system. The attacker first accessed the network in November 2020 but was not detected until April 22, 2021.

Upon discovery, Prominence reset all user credentials, secured the affected environment, and began the process of investigation and data recovery from its backup systems. Prominence member benefits and services were not interrupted by the hack.

However, the attacker was able to gain access to a trove of patient data, including voice recordings of calls made to and from the Prominence call center, and PDF files of both provider billing forms and approval or denial letters sent to patients.

The recordings contained patient names, dates of birth, addresses, and billing codes, and the PDF files contained names, dates of birth, member ID numbers, contact information, and billing codes. No SSNs or financial data were compromised during the incident.

Notably, not all plan members were affected by this incident. However, as a precautionary measure, the insurer has notified all 45,000 members from 2019 to 2020.

Prominence is actively monitoring online forums for signs of data misuse. To date, no instances have been found. The insurer is strengthening its information security and processes, in addition to contacting the FBI and regulators.

Ransomware attack at Mississippi Center for Advanced Medicine

An undisclosed number of Mississippi Center for Advanced Medicine (MCAM) patients have been notified that their data was compromised during a December 2020 ransomware attack. A third-party IT consulting firm was hired shortly after the breach was discovered in April 2021.

The attacker demanded a ransom from MCAM in December after encrypting the data on an internal server. The notice does not say whether MCAM paid the demand. For the past five months, investigators have worked to identify any data that was accessed during the hack.

The team concluded that the attacker was able to access the data on the affected server. This data included documentation related to MCAM services and programs, including protected health information such as names, SSNs, dates of birth, contact information, prescriptions, insurance processing data, medical care history, provider names, and clinical data.

The incident did not affect electronic health records or financial data. MCAM has since secured the affected servers and files, but emphasized that before the hack it had used industry-standard security measures, through an external network security vendor, to protect the servers.

In response to this incident, MCAM has implemented additional security measures, including enhanced user authentication, intrusion detection, and monitoring capabilities.

Ransomware threat groups leak more health data

Last week, the Cuba and Conti ransomware threat actors leaked data from two major healthcare providers, Forefront Dermatology and Goetze Dental. Both specialists provide patient care at hundreds of care sites nationwide.

In a screenshot shared with SC Media, the Cuba hacking group posted data it claims to have obtained from Forefront Dermatology between June 4 and 6.

Meanwhile, Conti actors leaked 198GB of data allegedly stolen from Goetze, including personal employee data such as SSNs, dates of birth, contact details, and employment contracts. The group also claims to have obtained financial statements associated with the company, its client database, all SQL databases, and the database of its clinical management software.

On these types of data breaches in the health care sector, previous Coveware data shows that 77% of ransomware attacks lead to data theft and subsequent blackmail attempts.

Conti actors are notorious for targeting the healthcare sector over the last year with ransomware and blackmail attempts, even as the sector was overburdened by the pandemic.

In May, the FBI warned that the group was targeting health care and first responder networks, with at least 16 victims this year. Its victims have included Rehoboth McKinley Christian Health, Leon Medical Center, UK-based Rivanova, and, in a massive attack, the Irish Health Service Executive.

“Conti also re-attacked previous victims and launched a new attack shortly after the first attack lasted,” Coveware researchers previously explained. “Practices that conflict with RaaS organizations interested in maintaining a reputation that forces victims to pay the ransom.”

The Cuba hacking group first appeared in mid-2020, but has only recently joined the tide of data breaches and blackmail.

Coastal Medical Group cyberattack leads to data theft

Data belonging to an undisclosed number of patients may have been stolen after a cyberattack on Coastal Medical Group. The New Jersey provider is stated to be completely closed.

The security incident was discovered on April 21. However, the system was first compromised almost a month earlier, on March 25. The provider has begun response and recovery steps to mitigate the impact and prevent unauthorized access.

The investigation revealed that a hacker stole data during the hack. This may include patient names, contact details, SSNs, insurance information, diagnoses, treatments, dates of birth, and demographic details.
