by Maria Perez | Apr 19, 2022 | Compliance News
Microsoft’s Digital Crimes Unit (DCU) has disabled the infamous ZLoader cybercrime botnet, which was used to deliver Ryuk ransomware in attacks on medical care providers. Microsoft recently obtained a court order from the United States District Court for the Northern District of Georgia permitting the seizure of 65 hard-coded domains that the ZLoader botnet uses for command-and-control communications. Those domains have already been sinkholed, preventing the botnet operator from communicating with devices infected with ZLoader malware.
ZLoader malware includes a domain generation algorithm (DGA) that is triggered whenever the malware cannot connect to the hard-coded domains, which acts as a failsafe against takedown efforts. The court order likewise authorized Microsoft to seize 319 DGA-registered domains. Microsoft is taking steps to block the registration of any other DGA domains.
ZLoader belongs to a family of malware variants derived from the ZeuS banking Trojan. At first, ZeuS was used for credential and financial fraud, with the goal of moving funds out of victims’ financial accounts. The hacker responsible for the malware then set up a malware-as-a-service operation to deliver ransomware and malware for other threat actors, including Ryuk.
Ryuk ransomware has been widely used in attacks on the medical field since it emerged in 2018, and ZLoader was one method of delivering the ransomware. ZLoader can disable a widely used antivirus tool to avoid detection, and the malware was installed on many devices, primarily in healthcare and education.
The takedown of the botnet is significant; nonetheless, the botnet operators are most likely already working to build new command and control infrastructure. Microsoft said the seizure was successful and led to the temporary disabling of the ZLoader system, which has made it harder for the organized criminal group to continue its malicious activities.
The case was referred to authorities, who are tracking this activity closely and will keep working with partners to monitor the actions of these threat actors. Microsoft will work with internet service providers to identify and remediate affected individuals. Microsoft additionally confirmed that it is prepared to take further legal action and use technical measures to deal with ZLoader and other botnets.
Microsoft furthermore named Denis Malikov, who lives in Simferopol on the Crimean Peninsula, as a person believed to be responsible for creating a component of the malware that was used for delivering ransomware. This signals that cybercriminals won’t be permitted to hide behind the anonymity of the web to commit their crimes.
Microsoft stated that the cybersecurity company ESET, Black Lotus Labs, and Palo Alto Networks’ Unit 42 team helped with its investigation of the ZLoader activities. The Health Information Sharing and Analysis Center (H-ISAC), the Microsoft Threat Intelligence Center, the Financial Services Information Sharing and Analysis Centers (FS-ISAC), and the Microsoft Defender Team additionally provided supplemental information.
by Maria Perez | Apr 12, 2022 | Compliance News
Cyberattack on SuperCare Health Impacts 318,000 Patients
SuperCare Health, located in Downey, CA, a provider of post-acute, in-home respiratory care services in the Western United States, has recently begun notifying 318,379 patients about the compromise of, and likely unauthorized access to, some of their protected health information (PHI) in a cyberattack that took place in July 2021.
SuperCare Health said in its March 25, 2022 breach notice that it found unauthorized activity in its IT networks on July 27, 2021. It quickly took steps to protect its network and block further unauthorized access. Third-party cybersecurity professionals investigated the nature and extent of the breach.
The investigation established that unauthorized persons had access to parts of its system from July 23, 2021 to July 27, 2021. It was probable that the hackers accessed files on the network that included the PHI of patients. A detailed analysis of the contents of the files was carried out, which confirmed on February 4, 2022, that they contained the following sensitive patient information: names, dates of birth, addresses, hospital/medical group, medical record numbers, patient account numbers, medical insurance data, claims details, test/diagnostic/treatment details, and other health-related data. Some individuals additionally had their Social Security numbers and/or driver’s license numbers compromised.
SuperCare Health stated that in response to the security breach, it reviewed its security measures and put in place additional security procedures to better protect the personal data and PHI of patients.
SuperCare Health is providing affected individuals with a free membership to an identity theft protection service, including dark web monitoring, credit monitoring, and identity theft reimbursement insurance coverage.
Englewood Health Alerts 3,900 Patients Concerning PHI Compromise
Englewood Health, an acute care 289-bed teaching hospital based in Englewood, NJ, has just announced a security breach involving the PHI of 3,901 persons. On February 14, 2022, Englewood Health found out that the username and password of a worker had been exposed, which allowed an unauthorized person to gain access to patient names, birth dates, and limited health data. Englewood Health said the unauthorized actor had access to patient data for just 40 minutes before the intrusion was detected and blocked.
As a result of the breach, Englewood Health has enhanced its administrative, physical, and technical system controls. Patients have already been notified by mail, and although only a limited amount of information was breached, free credit monitoring services were provided to impacted individuals.
by Maria Perez | Mar 29, 2022 | Compliance News
Three email incidents were recently announced by CareOregon Advantage, University Medical Center Southern Nevada, and Ultimate Care. A total of 38,485 individuals were affected.
PHI of CareOregon Advantage Members Compromised Because of Misdirected Email
CareOregon Advantage, the medical insurance agency based in Portland, OR, has begun notifying 10,467 plan members about an impermissible disclosure of their protected health information (PHI). On January 27, 2022, an email message containing an attachment with plan member data was sent to a hired consultant by mistake.
The consultant promptly informed CareOregon Advantage of the error and permanently deleted the email and file attachment. The attached file contained information such as member names, ID numbers, Medicare/Medicaid numbers, and dates of birth. CareOregon Advantage believes the risk of misuse of member information is minimal.
CareOregon Advantage stated its investigation confirmed that it has the appropriate policies and procedures in place to handle these types of events and that those policies and protocols are reviewed every year. The staff member who sent the email was provided with more training.
15,788 People Affected by Phishing Attack on Ultimate Care
Ultimate Care, the home care agency located in Brooklyn, NY, has recently reported that unauthorized persons accessed some staff email accounts after staff members clicked on phishing emails. When the security breach was noticed, prompt action was taken to secure its email platform, and a forensic investigation was launched to determine the extent of the breach.
The forensic investigation results confirmed that unauthorized individuals accessed the email accounts between April 7, 2021 and June 2, 2021. A manual assessment of all emails within the accounts established they included names, as well as at least one of these types of data: passport numbers, driver’s license numbers, Social Security numbers, dates of birth, financial account data, credit or debit card details, medical details, health insurance policy data, and/or user ID and passwords.
Ultimate Care said it has received no reports that suggest the improper use of any patient data; nonetheless, as a preventative measure against identity theft and fraud, persons whose Social Security numbers were affected were given free one-year memberships to a credit monitoring company. Notification letters were delivered to impacted people on February 22, 2022.
The breach report was submitted to the HHS’ Office for Civil Rights stating that 15,788 people were affected.
Business Associate Email Breach Impacted University Medical Center Southern Nevada Patients
University Medical Center Southern Nevada (UMC) has just confirmed that the PHI of 12,230 individuals was possibly exposed in a cyberattack on a business associate, the healthcare software supplier Advent Health Partners (AHA).
AHA learned about the email breach at the beginning of September 2021 and established on December 2, 2021, that files containing the PHI of its healthcare company clients were viewed. The files contained first and last names, drivers’ license information, Social Security numbers, birth dates, medical insurance details, medical treatment data, and financial account details. AHA sent notification letters concerning the attack on January 6, 2021. Advent Health Partners submitted a breach report indicating that 1,383 persons were impacted; however, a few of its clients, such as UMC, reported the incident independently.
This is UMC’s third reported data breach in the past 1.5 years. UMC suffered a REvil ransomware attack in June 2021 that led to the theft of the PHI of 1.3 million people, and in March 2021, UMC confirmed an unauthorized access/disclosure incident impacting 1,833 persons.
by Maria Perez | Mar 22, 2022 | Compliance News
JDC Healthcare Management, located in Dallas, TX, which operates over 70 Jefferson Dental & Orthodontics practices across the state of Texas, notified the Office of the Attorney General of Texas on March 17, 2022 that a security breach has impacted over 1,000,000 Texans.
On or around August 9, 2021, JDC Healthcare Management identified malware in its IT system. The forensic investigation of the data breach confirmed that the malware was installed on its network on July 27, 2021.
Additional facts about the data breach are now available. JDC Healthcare Management said that the malware allowed unauthorized people access to its IT systems between July 27, 2021 and August 16, 2021. The forensic investigation confirmed that attackers accessed or stole data on its systems that included the electronic protected health information (ePHI) of patients.
JDC Healthcare Management revealed in its March 2022 breach notification letters that a thorough evaluation of the affected files is in progress; nevertheless, it has been confirmed that the types of compromised ePHI included names, Social Security numbers, birth dates, driver’s license numbers, financial data, health insurance details, and health data.
JDC Healthcare Management said in its breach notification letters that after learning about this incident, it moved swiftly to investigate and respond, assess the security of its network, restore functionality to its environment, and inform potentially affected persons.
JDC Healthcare Management stated it is reviewing and improving its current policies and procedures to reduce the likelihood of further security breaches. Affected individuals were advised to review their accounts, explanation of benefits statements, and free yearly credit reports, although the breach notification letters did not mention credit monitoring and identity theft protection services being provided. JDC Healthcare Management said that at the time of issuing notification letters, it was not aware of any actual or attempted improper use of patient information.
Notification letters are currently being mailed and the breach report will be sent to the HHS’ Office for Civil Rights. The breach report sent to the Texas Attorney General states that the ePHI of 1,026,820 Texans was possibly breached.
Wheeling Health Right Inc. Experiences Ransomware Attack
Wheeling Health Right Inc. in West Virginia has reported that it experienced a ransomware attack in January 2022. The security breach was discovered on January 18, 2022. Data contained in its IT systems weren’t accessed. Wheeling Health Right stated it engaged legal counsel and a data breach remediation agency to investigate the attack and determine the extent to which its systems were breached.
A review of all files on the impacted sections of its systems established that they contained sensitive patient and employee data such as full names, telephone numbers, addresses, email addresses, Social Security numbers, medical record numbers, driver’s license numbers, tax details, income details, and medical data of patients who applied for or received Wheeling Health Right’s services.
Wheeling Health Right says its information technology service provider decrypted, restored, and rebuilt its systems, initiated a password reset for all system users, implemented multi-factor authentication for worker email accounts, and installed additional endpoint detection and response software. Further privacy and security measures were likewise applied, such as giving supplemental cybersecurity training to personnel.
Wheeling Health Right said affected people were notified on March 18, 2022, and were given identity monitoring at no cost for one year. The incident is not yet published on the HHS’ Office for Civil Rights breach site, so it is presently not clear how many persons were impacted.
by Maria Perez | Mar 16, 2022 | Compliance News
Capital Region Medical Center (CRMC), based in Jefferson City, MO, has recently confirmed that unauthorized individuals accessed patient information in a cyberattack in December 2021 that resulted in the shutdown of its network and phone systems for several days.
The cyberattack was identified on December 17, 2021 because of a disruption in its internet systems. An investigation was launched to determine the nature and scope of the breach. A public announcement regarding the security incident was published on December 23, 2021. It was unclear at first whether patient data was compromised; however, that has now been confirmed.
CRMC stated that at this stage of the investigation it does not appear that the attackers gained access to its electronic medical record database; nonetheless, the files accessed or possibly accessed by the hackers contained information such as patient names, birth dates, addresses, medical data, and health insurance data. A portion of patients additionally had their driver’s license numbers, financial account data and/or Social Security numbers exposed. Those patients were provided a complimentary one-year membership to credit monitoring services. CRMC said no evidence has been found thus far that indicates the misuse of any patient information.
CRMC said it will continue to assess its security policies and will consider opportunities to apply additional cybersecurity measures to strengthen security and prevent similar cyberattacks in the future.
The incident is not yet posted on the HHS’ Office for Civil Rights breach portal, so it is currently not clear how many people were affected.
Labette Health Informs Patients Concerning October 2021 Cyberattack
Labette Health, located in Kansas, has just announced that unauthorized persons accessed its IT systems from October 15, 2021 to October 24, 2021.
Labette Health stated that it took prompt steps to secure its network and limit the potential for further harm. Third-party cybersecurity professionals were hired to investigate the security breach and determine the nature and extent of the attack. The investigation determined on February 11, 2022, that certain files and folders on its network that included patients’ protected health information (PHI) were accessed by unauthorized persons, who may have exfiltrated a number of those files.
The files comprised employee and patient names and one or more of these types of data: medical treatment and diagnosis details, treatment expenses, dates of service, prescription details, Medicaid or Medicare number, health insurance information, and Social Security number.
It has been four months since the breach occurred, and thus far, Labette Health hasn’t identified any evidence of misuse of patient or worker data. Labette Health said that on March 11, 2022, written notifications were sent to impacted persons as a safety precaution. Those whose Social Security numbers were compromised received free credit monitoring services.
Labette Health stated it has implemented the recommendations of cybersecurity experts: it has strengthened network security, applied stronger password security policies and multi-factor authentication for system access, improved endpoint detection software, and provided supplemental network security and threat detection training to employees.
The data breach is not yet published on the HHS’ Office for Civil Rights breach website, so it is presently uncertain how many people were affected.