Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Healthcare Breach. Show all posts
SSNs
Cybernews Data Breach Healthcare Healthcare Breach MFA Personal Data SSNs

Florida Healthcare Data Leak Exposes Thousands of Doctors and Hospitals

 

A data breach at Florida-based recruitment firm MNA Healthcare has left sensitive information of over 14,000 healthcare workers and 10,000 hospitals exposed. Discovered on June 20, 2024, by the Cybernews research team, the breach was caused by a misconfiguration that left a database backup publicly accessible online. The database contained sensitive data, including full names, addresses, phone numbers, work experience, encrypted Social Security Numbers (SSNs), and hashed passwords.

The encryption used for the SSNs was found to be vulnerable due to an exposed environment file containing the Laravel App Key, which is used for encrypting SSNs. While encrypted, researchers indicated that decrypting the SSNs is possible, putting affected healthcare workers at risk of identity theft and fraud. The exposed data is particularly concerning because healthcare professionals are often targeted by cybercriminals, as their high salaries make them attractive for financial fraud.

MNA Healthcare is a staffing firm that operates in nine U.S. states, matching healthcare professionals with various organizations. Among the leaked information were communications between medical staff and MNA representatives, job assignments, and license copies. This breach puts not only doctors and healthcare workers at risk of identity theft, but also opens up opportunities for credential stuffing and phishing attacks.

The exposed data also increases the possibility of criminals using stolen SSNs to engage in fraudulent activities such as filing false tax returns, opening credit accounts, and misusing the information to obtain loans or benefits. As the leaked database included names of hospitals and medical institutions, these entities could also face reputational damage and potential legal ramifications.

To prevent future breaches like the one at MNA Healthcare, companies must implement more robust cybersecurity measures. One essential step is ensuring that databases containing sensitive information, such as SSNs and other personal data, are encrypted using stronger, more up-to-date encryption methods. Regular security audits should be conducted to detect any misconfigurations or vulnerabilities in their systems before malicious actors can exploit them.

Another crucial step is implementing stricter access controls and monitoring systems. Limiting access to sensitive data to only necessary personnel and tracking any unusual access attempts or data transfers can help detect a breach early. Additionally, using multi-factor authentication (MFA) for employees accessing critical systems adds an extra layer of security, making it harder for unauthorized individuals to infiltrate the system. Finally, companies should also educate their employees about cybersecurity risks and how to recognize phishing scams to minimize the risk of human error leading to data breaches.

Following the discovery of the breach, MNA Healthcare secured the exposed configuration, but concerns remain about the company’s overall infrastructure security. Security expert Aras Nazarovas pointed out that the backup and encryption issues raise questions about how the company stores sensitive information. 

The healthcare sector remains a popular target for cyberattacks, and this breach highlights the need for stronger cybersecurity practices in protecting personal information. Affected individuals are advised to monitor their financial accounts and consider identity theft protection to mitigate potential risks.
Read more »
Sensitive Information
Data Breach Hacking Attack Healthcare Breach HIPAA RansomHub Security Operations Sensitive Information

Florida Medical Lab Data Breach Exposes 300,000 Individuals’ Sensitive Information

 

Florida-based medical laboratory, American Clinical Solutions (ACS), recently experienced a significant data breach that exposed the sensitive information of approximately 300,000 individuals. The hacking incident, attributed to the criminal group RansomHub, resulted in the theft of 700 gigabytes of data, which has since been published on the dark web. The exposed data includes Social Security numbers, addresses, drug test results, medical records, insurance information, and other highly sensitive personal details. 

ACS specializes in patient testing for both prescription and illicit narcotics, offering its services to healthcare providers. On July 24, ACS reported the breach to the U.S. Department of Health and Human Services’ Office for Civil Rights. The stolen data encompasses lab testing results from January 2016 until May 2024, the period during which the hacking incident allegedly occurred. Privacy attorney David Holtzman, from the consulting firm HITprivacy LLC, expressed concerns over the nature of the exposed information, highlighting the potential for reputational harm, financial compromise, and extortion due to the sensitivity of drug testing data. 

Despite the severity of the breach, ACS has not yet issued a public statement about the incident on its website, nor has it responded to requests for further details. This lack of communication has raised concerns among legal and regulatory experts, who warn that failing to alert patients about the breach may compound the potential harm. Holtzman emphasized the importance of transparency in such situations, suggesting that the absence of a breach notification may prompt investigations by HHS or state attorneys general to determine whether ACS has complied with the Health Insurance Portability and Accountability Act (HIPAA) and other relevant state laws. 

The delay in notifying affected individuals may stem from various factors, including the possibility that law enforcement advised ACS to wait or that the total number of impacted individuals has not yet been determined. Regulatory attorney Rachel Rose pointed out that drug testing data, while not subject to the stringent federal 42 CFR Part 2 privacy regulations that govern substance disorder treatment facilities, is still considered highly sensitive. Rose compared the compromised information to reproductive health records, mental health records, and data related to diseases like AIDS. 

RansomHub, the group behind the attack, has rapidly gained notoriety within the cybersecurity community since its emergence in February. The gang has claimed responsibility for several major hacks across the healthcare sector, including a June attack on the drugstore chain Rite Aid, which compromised the data of 2.2 million individuals. Security firm Rapid7 recently identified RansomHub as one of the most notable new ransomware groups, underscoring the growing threat it poses to organizations worldwide.
Read more »
Patient Data
Cybersecurity Data Breach Data Safety data security Hacker attack Healthcare Breach IT system Patient Data

DocGo Confirms Cyberattack: Patient Health Data Breach

 

In a recent turn of events, DocGo, a prominent mobile medical care firm providing healthcare services across the United States and the United Kingdom, has fallen victim to a cyberattack. The breach, confirmed by the company in a filing with the U.S. Securities and Exchange Commission (SEC), has raised concerns about the security of patient health data and the impact on DocGo's operations. 

Here's what we know so far: According to the SEC filing, DocGo discovered unauthorized activity within its systems and promptly initiated an investigation with the assistance of third-party cybersecurity experts. While the company has not disclosed the specific nature of the cyberattack, it is common practice for organizations to shut down affected IT systems to prevent further compromise. 

As part of their investigation, DocGo determined that the hackers gained access to a "limited number of healthcare records" belonging to the company's U.S.-based ambulance transportation business. This breach has raised serious concerns about the security of patient health information and the potential impact on individuals affected by the attack. In response to the breach, DocGo is actively reaching out to individuals whose data may have been compromised. The company assures that no other business units have been affected, and they have not found evidence of continued unauthorized access. 

Despite the breach, DocGo believes that the incident will not have a significant impact on its operations and finances. One of the key concerns following a cyberattack of this nature is the possibility of ransomware involvement. If the attackers deployed ransomware and a ransom demand is not met, there is a risk that the stolen data could be used as leverage for future extortion attempts against DocGo. However, as of now, no threat actors have claimed responsibility for the breach. The breach at DocGo underscores the importance of robust cybersecurity measures in protecting sensitive medical data. 

Healthcare organizations must remain vigilant against evolving cyber threats and prioritize the security of patient information. Additionally, swift and transparent communication with affected individuals is crucial in mitigating the potential impact of a data breach. As the investigation into the cyberattack continues, DocGo is likely to implement additional security measures to prevent future incidents and safeguard patient health data. 

However, the full extent of the breach and its implications for affected individuals remain to be seen. The cyberattack on DocGo serves as a stark reminder of the persistent threat posed by cybercriminals to organizations across all sectors, including healthcare. It highlights the need for continuous monitoring, robust cybersecurity protocols, and proactive response strategies to mitigate the risks associated with data breaches
Read more »
Ransom
Cyber Attacks Data Leak Healthcare Breach Patient Data Ransom

UnitedHealth Paid Ransom After Massive Change Healthcare Cyber Assault

 

The Russian cybercriminals who targeted a UnitedHealth Group-owned company in February did not leave empty-handed.

"A ransom was paid as part of the company's commitment to do everything possible to protect patient data from disclosure," a spokesperson for UnitedHealth Group stated earlier this week. 

The spokesperson did not reveal how much the healthcare giant paid following the cyberattack, which halted operations at hospitals and pharmacies for more than a week. Multiple media outlets claimed that UnitedHealth paid $22 million in bitcoin. 

"We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it," UnitedHealth CEO Andrew Witty said in a statement Monday. 

UnitedHealth attributed the intrusion on the Russian ransomware gang ALPHV, also known as BlackCat. The group claimed responsibility for the attack, stating that it took more than six terabytes of data, including "sensitive" medical records, from Change Healthcare, which handles health insurance claims for patients who visit hospitals, medical centres, or pharmacies. 

The attack's scale—Change Healthcare performs 15 billion transactions every year, according to the American Hospital Association—meant that even people who were not UnitedHealth clients could have been affected. The attack has already cost UnitedHealth Group almost $900 million, company officials said in reporting first-quarter earnings last week. 

Ransomware attacks, which include disabling a target's computer systems, are becoming more widespread in the healthcare industry. In 2022, a study published in JAMA Health Forum found that the yearly frequency of ransomware attacks against hospitals and other providers increased.

It was "straight out an attack on the U.S. health system and designed to create maximum damage," Witty informed analysts last week during an earnings call about the Change Healthcare incident. According to UnitedHealth's earnings report, the cyberattack is ultimately estimated to cost the organisation between $1.3 billion and $1.6 billion this year.
Read more »
Ransomware attack
Cyber Attacks data security Healthcare Breach Hospitals Ransomware attack

UnitedHealth Group Cyberattack Fallout: Government Intervention and Industry Critique

 

In a recent cybersecurity incident, UnitedHealth Group revealed that its tech unit, Change Healthcare, fell victim to a cyberattack orchestrated by the infamous ransomware gang, Blackcat. The attack, which disrupted healthcare organizations nationwide, targeted electronic pharmacy refills and insurance transactions, prompting urgent responses from both the affected healthcare provider and the U.S. government. 

The attack prompted the U.S. government to announce accelerated Medicaid and Medicare payments to healthcare units impacted by the cyberattack against Change Healthcare. However, this response drew criticism from industry associations such as the American Hospital Association and the American Medical Association. 

The latter expressed concerns that the measures did not adequately protect individual practices and called for more comprehensive financial assistance, including advanced payments for physicians. Facing cash flow concerns resulting from the inability to receive payments for insurance claims, the American Medical Association urged the Department of Health and Human Services to reintroduce widespread accelerated payments, a practice prevalent during the Covid years. 

Hospitals were encouraged to submit payment requests to their healthcare contractors, seeking relief from the financial strain caused by the cyberattack fallout. Change Healthcare responded to the crisis by introducing a new service to help healthcare providers navigate the outage. This online prescription service aims to provide temporary assistance while the company works to restore its pharmacy network, a process expected to take weeks. 

Despite these efforts, the American Hospital Association criticized Change Healthcare's response, with its president and chief executive describing the temporary assistance program as "not even a band-aid" for the problems caused by the cyberattack. The incident highlights the increasing cybersecurity threats faced by the healthcare industry and the ripple effects of such attacks on critical services. 

As healthcare providers grapple with the immediate fallout, the collaboration between the government, industry stakeholders, and affected organizations becomes crucial in addressing both the short-term challenges and implementing long-term cybersecurity resilience measures. 

In conclusion, the UnitedHealth Group cyberattack serves as a stark reminder of the vulnerability of healthcare systems to malicious cyber activities. The ongoing efforts to mitigate the impact, coupled with the industry's critique of the government's response and Change Healthcare's actions, underscore the need for a unified and proactive approach to cybersecurity in the healthcare sector.
Read more »
United States
Cyber Attacks Data Privacy Healthcare Breach Ransomware Gang United States

BlackCat Ransomware Linked to UnitedHealth Subsidiary Optum Hack

 

A cyberattack against Optum, a UnitedHealth Group company, was linked to the BlackCat ransomware gang and resulted in an ongoing outage that impacted the Change Healthcare payment exchange platform. 

Customers were notified by Change Healthcare earlier this week that due to a cybersecurity incident, some of its services are unavailable. The cyberattack was orchestrated by alleged "nation-state" hackers who gained access to Change Healthcare's IT systems, according to a statement made by UnitedHealth Group in an SEC 8-K filing a day later. 

Since then, Optum has been posting daily incident updates on a dedicated status page, alerting users to the fact that most services are temporarily unavailable due to Change Healthcare's systems being offline to contain the breach and prevent future damage. 

"We have a high level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue," Optum stated. "We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online.” 

Links to BlackCat 

Change Healthcare has been holding Zoom calls with partners in the healthcare sector to share information regarding the cyberattack since it affected its systems

One of the individuals involved in these calls informed a local media source that forensic experts participating in the incident response had linked the attack to the BlackCat (ALPHV) ransomware gang (Reuters first reported the Blackcat link on Monday).

Last week, another source informed BleepingComputer that one indicator of attack is a critical ScreenConnect auth bypass vulnerability (CVE-2024-1709), which is being actively used in ransomware attacks against unpatched servers. 

Tyler Mason, vice president of UnitedHealth Group, stated that 90% of the impacted pharmacies had put new electronic claim procedures in place to deal with Change Healthcare issues, but he did not confirm if BlackCat was the root of the attack. 

"We estimate more than 90% of the nation’s 70,000+ pharmacies have modified electronic claim processing to mitigate impacts from the Change Healthcare cyber security issue; the remainder have offline processing workarounds," Mason stated. "Both Optum Rx and UnitedHealthcare are seeing minimal reports, including less than 100 out of more than 65 million PBM members not being able to get their prescriptions. Those patients have been immediately escalated and we have no reports of continuity of care issues.” 

8,000 hospitals and other care facilities, as well as more than 1.6 million doctors and other healthcare professionals, are under contract with United Health Group (UHG), a health insurance provider with operations in all 50 states of the United States. With 440,000 employees globally, UHG is the largest healthcare corporation in the world by sales ($324.2 billion in 2022).
Read more »
Security Breach
CNIL cyber attack Cybercricme Cybersecurity CyberThreat Data Disaster Healthcare Breach Security Breach

Data Disaster: 33 Million French Citizens at Risk in Massive Leak

 


A massive security breach at two third-party healthcare payment servicers has exposed the information of nearly half of all French citizens by way of a major breach of personal information, the French data privacy watchdog revealed last week. As the National Commission on Informatics and Liberty (CNIL) warned in late January, the two leading payment processing outfits, Viamedis and Almerys, both suffered breaches of their systems, resulting in the theft of data belonging to more than 33 million customers from their systems. 

The information that has been compromised includes information such as the date of birth, marital status, social security number, and information about insurance coverage of customers and their families. According to the CNIL, the company did not compromise any banking information, medical records, or contact information. 

As a result of the sophisticated phishing attack that compromised the Almeras and Viamedis third-party payment portals late last month, both payment portals were affected as well. There was no further information provided on the causes of Almery's loss, but there is a high probability that it was a similar incident. 

As Viamedis reported, the attacks occurred within a matter of five days around the beginning of February. Hackers obtained login credentials for health professionals via phishing attacks and gained unauthorized access to the system as a result. 

Even though the exposed information does not include personal financial data, it is still sufficient to increase the likelihood of individuals being targeted by phishing scams, social engineering, identity theft, and insurance fraud as they are exposed to the information. 

According to CNIL, they will ensure Viamedis and Almerys inform impacted individuals personally and directly, to prevent them from falling victim to phishing scams in the aftermath of the attack in compliance with the General Data Protection Regulation (GDPR). In the meantime, Almerys clarified that the central system was not compromised, but the health professional portal had been infiltrated by hackers. 

As confirmed by CNIL, the compromised data includes sensitive information about the affected individuals, including their marriage status, date of birth, social security numbers, insurance details, and insurance coverage, among others. 

As the attackers accessed the two companies' systems in a targeted raid, they were using credentials stolen from healthcare professionals. Following the General Data Protection Regulation of the European Union, the CNIL is working with Viamedis and Almerys to reach out to all affected individuals. Due to the sheer number of customers involved, the process of completing the project will take some time since there are so many of them. 

The third-party payment system which allows patients to not pay for their medical services in advance will not be available for providers for some time as a result of this attack, but users will still be able to access the system. 

Since the massive amount of compromised data has now been in the wrong hands, the French data authority has issued an alert to beware of phishing attacks, and while a detailed investigation is ongoing to determine exactly how the massive breach happened and if Viamedis or Almerys is to blame, a new warning has been issued regarding phishing attacks.
Read more »
Subscribe to: Posts (Atom)