Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Medical Data. Show all posts
User Privacy
Data Breach Data Leak Healthcare Hack Medical Data User Privacy

Community Health Centre Data Breach Impacts Over 1 Million Patients

 

Over a million people have been notified of a recent data breach by Community Health Centre, a nonprofit healthcare organisation based in Middletown, Connecticut. On January 2, 2025, unauthorised activity was detected in its computer systems, and external cybersecurity specialists were hired to help with the investigation and establish the nature and scale of the unauthorised activity. 

The investigation revealed that an online criminal gained access to its computer systems and stole data from the network. The Community Health Centre did not confirm whether a ransom demand was made; however, it did state that no data was deleted from its network and no files were encrypted, therefore the incident had no effect on its daily operations.

In the statement to the Attorney General of Maine, Community Health Centre explained that "there is no current threat to our systems, and we believe we stopped the criminal hacker's access within hours." The breach initially occurred on October 14, 2024, according to the breach notice from the Maine Attorney General.

The file review is now concluded, and the Community Health Centre has confirmed that the following data may have been compromised: names, addresses, phone numbers, email addresses, dates of birth, diagnoses, test results, treatment information, health insurance information, and Social Security numbers.

Up to 1,060,936 people have been impacted, including paediatric patients, their parents, and guardians. Some of the affected individuals passed away, and notifications are being given to their nearest of kin. While the majority of affected patients are likely from Connecticut, the California Attorney General has also been notified of the data leak. 

With over 1 million records, this is the most significant healthcare data breach revealed this year. Employees at Moses-Weitzman Health System were also impacted.

According to Community Health Centre, software has been put in place to keep an eye on its systems for suspicious activity, and security has been reinforced. Community Health Centre has provided the impacted individuals with free identity theft protection services for a period of 24 months, even though there are currently no signs that any of the stolen data has been compromised.
Read more »
Personal Data
data attacks Data Breach Data Leak data security Financial Data healthcare data breach HIPAA Medical Data Medical Data breach Personal Data

Medusind Data Breach Exposes Health and Personal Information of 360,000+ Individuals

 

Medusind, a major provider of billing and revenue management services for healthcare organizations, recently disclosed a data breach that compromised sensitive information of over 360,000 individuals. The breach, which occurred in December 2023, was detected more than a year ago but is only now being reported publicly. 

The Miami-based company supports over 6,000 healthcare providers across 12 locations in the U.S. and India, helping them streamline billing processes and enhance revenue generation. According to a notification submitted to the Maine Attorney General’s Office, the breach was identified when Medusind noticed suspicious activity within its systems. 

This led the company to immediately shut down affected systems and enlist the help of a cybersecurity firm to investigate the incident. The investigation revealed that cybercriminals may have gained access to and copied files containing personal and medical details of affected individuals. Information compromised during the breach includes health insurance details, billing records, and medical data such as prescription histories and medical record numbers. Financial data, including bank account and credit card information, as well as government-issued identification, were also exposed. 

Additionally, contact details like addresses, phone numbers, and email addresses were part of the stolen data. In response, Medusind is providing affected individuals with two years of free identity protection services through Kroll. These services include credit monitoring, identity theft recovery, and fraud consultation. The company has advised individuals to stay vigilant by reviewing financial statements and monitoring credit reports for unusual activity that could indicate identity theft. 

This breach highlights the increasing cybersecurity challenges facing the healthcare industry, where sensitive personal information is often targeted. To address these risks, the U.S. Department of Health and Human Services has proposed updates to the Health Insurance Portability and Accountability Act (HIPAA). These proposed changes include stricter requirements for encryption, multifactor authentication, and network segmentation to protect patient data from cyberattacks. The Medusind incident follows a series of high-profile breaches in the healthcare sector.

In May 2024, Ascension reported that a ransomware attack had exposed data for 5.6 million individuals. Later in October, UnitedHealth disclosed a breach stemming from a ransomware incident affecting over 100 million people. As healthcare providers continue to face cyber threats, the urgency to implement robust data security measures grows. Medusind’s experience serves as a reminder of the significant risks posed by such breaches and the importance of safeguarding sensitive information.
Read more »
United States
Artivion Cyber Attacks Data Leak Medical Data Ransomware United States

Artivion Discloses Ransomware Attack, Disrupting Operations

 

Leading cardiac surgery medical device company Artivion has reported a ransomware attack that occurred on November 21, resulting in the encryption of certain systems and unauthorized data access. The incident forced the Atlanta-based company to take part of its operations offline while addressing the attack.

Artivion's Response

In its 8-K filing with the U.S. Securities and Exchange Commission (SEC), Artivion disclosed that it promptly initiated an investigation and engaged external advisors, including legal, cybersecurity, and forensics professionals. "The incident involved the acquisition and encryption of files. The Company is working to securely restore its systems as quickly as possible and to evaluate any notification obligations," the filing stated.

The company also noted that disruptions to its corporate operations, order processing, and shipping were largely resolved. Despite having insurance coverage for incident response costs, Artivion anticipates additional expenses that will not be covered.

Impact on Operations

Artivion operates manufacturing facilities in Germany, Texas, and Georgia and employs over 1,250 people globally, with sales representatives in more than 100 countries. Although the immediate disruptions caused by the ransomware attack have been mitigated, the company is likely to face longer-term implications, including potential reputational damage and increased cybersecurity investments.

Healthcare Sector Under Siege

The ransomware attack on Artivion is part of a broader wave of cyberattacks targeting healthcare organizations. Recently, the BianLian cybercrime group attacked Boston Children's Health Physicians (BCHP), threatening to expose stolen files unless a ransom was paid. Similarly, UMC Health System and Anna Jaques Hospital faced significant disruptions due to ransomware assaults earlier this year.

These incidents highlight the growing vulnerabilities in the healthcare sector, where sensitive patient data and critical operations make organizations attractive targets for cybercriminals.

Lessons for the Healthcare Industry

The Artivion ransomware attack underscores the urgent need for the healthcare sector to adopt robust cybersecurity measures. Key takeaways include:

  • Proactive Defense: Implementing advanced threat detection and response mechanisms is critical to identifying and mitigating attacks before they cause significant damage.
  • Incident Response Planning: Having a comprehensive incident response plan can minimize disruptions and accelerate recovery efforts during cyberattacks.
  • Employee Awareness: Educating staff about phishing scams and other common attack vectors can help reduce vulnerabilities.

As cyber threats continue to evolve, healthcare organizations must prioritize cybersecurity to safeguard sensitive data and maintain trust in their services.

Read more »
User Privacy
BlackCat Change Healthcare Data Breach Medical Data User Privacy

UnitedHealth Claims Data of 100 Million Siphoned in Change Healthcare Breach

 

UnitedHealth has acknowledged for the first time that over 100 million people's personal details and healthcare data were stolen during the Change Healthcare ransomware assault, making it the largest healthcare data breach in recent years. 

During a congressional hearing in May, UnitedHealth CEO Andrew Witty warned that the attack had exposed "maybe a third" of all Americans' medical data.

A month later, Change Healthcare issued a data breach notification, stating that the February ransomware assault had exposed a "substantial quantity of data" for a "substantial proportion of people in America.” 

Last week, the U.S. Department of Health and Human Services Office for Civil Rights data breach portal increased the overall number of affected people to 100 million, marking the first time UnitedHealth, Change Healthcare's parent company, published an official number for the breach. 

Change Healthcare has sent out data breach alerts since June stating that a huge amount of sensitive information was stolen during the February ransomware assault, including: 

  • Health insurance information (including primary, secondary, or other health plans/policies, insurance firms, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers); 
  • Health information (such as medical record numbers, providers, diagnoses, medications, test results, images, care, and therapy); 
  • Personal information may include billing, claims, and payment information, as well as Social Security numbers, driver's licenses, state ID numbers, and passport numbers.

The information may differ for each person, and not everyone's medical history was disclosed. 

Change healthcare breach 

This data breach was prompted by a February ransomware attack on UnitedHealth subsidiary Change Healthcare, which resulted in severe outages across the US healthcare system. 

The disruption to the company's IT systems prevented doctors and pharmacists from filing claims, as well as pharmacies from accepting discount prescription cards, forcing patients to pay full price for their drugs.

The attack was carried out by the BlackCat ransomware group, also known as ALPHV. They used stolen credentials to get access to the company's Citrix remote access service, which did not have multi-factor authentication activated. 

During the attack, threat actors took 6 TB of data and ultimately encrypted network devices, forcing the organisation to shut down IT infrastructure in order to prevent the attack from propagating further.

UnitedHealth Group acknowledged paying a ransom to get a decryptor and have the threat actors delete the stolen data. The alleged ransom payment was $22 million, according to the BlackCat ransomware subsidiary that carried out the attack.

This ransom payment was meant to be shared between the affiliate and the ransomware operation, but the BlackCat abruptly stopped down, taking the entire payment and committing an exit scam. 

However, this was not the end of Change Healthcare's issues, since the affiliate claimed to still have the company's data and did not delete it as agreed. The affiliate collaborated with a new ransomware operation known as RansomHub and began releasing some of the stolen data, demanding an additional payment for the data not to be leaked.

The Change Healthcare entry on RansomHub's data breach site inexplicably removed a few days later, suggesting that UnitedHealth paid a second ransom demand. 

UnitedHealth said in April that the Change Healthcare ransomware assault resulted in $872 million in losses, which were included in Q3 2024 earnings and are estimated to total $2.45 billion for the nine months ending September 30, 2024.
Read more »
Ransomware attack
American HealthCare Change Healthcare Cyber Attacks Medical Data Ransomware attack

UnitedHealth's Cyberattack Should Serve as a 'Wake-up Call' for HealthCare Sector

 

The US Health and Human Services Department (HHS) announced Tuesday that it would assist doctors and hospitals in locating alternate claims processing platforms to help restart the flow of business following a cyberattack on a UnitedHealth Group (UNH) subsidiary that crippled operations of a large swath of America's health systems for the past two weeks. 

On February 21, a cyberattack paralysed Change Healthcare, which hospitals, doctors' offices, and pharmacies use to handle payments and prior authorizations for patient visits and medicines.

United gave a lengthy status update Tuesday afternoon, stating that the attack was carried out by BlackCat, a well-known Russian-backed ransomware outfit. 

The FBI was aware of BlackCat, also known as ALPHV, and was successful in breaching the group at the end of last year, but was unable to put it down. BlackCat has previously targeted a number of healthcare companies. It claimed to have collected up to 6 gigabytes of data during the last attack, and that it received $22 million in bitcoin, a transaction visible on the blockchain, but it is still being determined where it came from. 

Based on the most recent statistics, 90% of claims are still being processed for health providers, and pharmacies should be fully operational by Thursday, UHG explained in a statement Tuesday.

Additionally, the company noted, "We've made progress in providing workarounds and temporary solutions to bring systems back online in pharmacy, claims and payments." 

While smaller systems that rely heavily on Change Healthcare are suffering, larger systems with many vendors or the financial capacity to quickly switch to another provider are less affected. 

"This may be the first of its kind, where an outage at the interoperability layer weakens the capacity of the system to function," stated Aneesh Chopra, former US chief technology officer and currently co-founder and president of CareJourney, a healthcare analytics company. "This is a wake-up call on the need for redundancy in systems so we have backup options when a particular vendor goes down.” 

Third-party risks 

Tech platforms have had difficulty allowing their software to interact with each other and provide seamless connectivity for health systems due to regulations safeguarding patient data. However, newer products have made interoperability easier to achieve, which also makes them more susceptible to attacks. 

United's attack makes sense for that reason because it choked off a key mechanism in the inner workings of the system. The change enables several healthcare system companies to handle payments and claims. For example, CVS (CVS) reports that 25% of its claims are processed using Change.

This is in stark contrast to earlier attacks that target specific organisations, such as insurance and hospitals, and affect only one aspect of the system. 

United is also a tempting target because its Optum brand comprises Optum Financial, a different division of UHG that operates a number of payment systems.
Read more »
Personal Data
Cyberattack Data Breach Medical Data Orrick Orrick Law Firm Patient Data Personal Data

Orrick Data Breach: Law Firm Dealing with Data Breaches Hit by One


An international law firm assists businesses impacted by security events has experienced a cyberattack, where it compromised the sensitive health information of hundreds of thousands of data breach victims. 

Orrick, Herrington & Sutcliffe, the San Francisco-based company revealed last week that that during an attack in March 2023, threat actors stole personal information and critical health data of more than 637,000 data breach victims.

Orrick said that the hackers had taken massive amounts of data from its systems related to security incidents at other organizations, for which he provided legal assistance, in a series of letters notifying those impacted of the data breach.

Orrick informs that the data involved in the breach involved its customers’ data, including those with dental policies with Delta Dental, a major healthcare insurance network that covers millions of Americans' dental needs, and those with vision plans with insurance company EyeMed Vision Care.

The company further added that it had contacted with the U.S. Small Business Administration, the behavioral health giant Beacon Health Options (now Carelon), and the health insurance provider MultiPlan that their data was also exposed in Orrick's data breach.

Apparently, the stolen data includes victims’ names, dates of birth, postal address and email addresses, and government-issued identification numbers, such as Social Security numbers, passport and driver license numbers, and tax identification numbers. Also, information about patient’s medical treatment and diagnosis details, insurance claim like date and service-charges, and healthcare insurance numbers and provider details have been compromised. 

Orrick further says that credit or debit card details as well as online account credentials were also involved in the breach. 

Since the initial announcement of the breach, the number of affected individuals have been on the rise. In its recent breach notice, Orrick states that it “does not anticipate providing notifications on behalf of additional businesses,” however the company did not specify how it came to this conclusion. 

Orrick said in December to a federal court in San Francisco that it reached a preliminary settlement to end four class action lawsuits that claimed Orrick failed to disclose the breach from victims for months after it had occurred.

“We are pleased to reach a settlement well within a year of the incident, which brings this matter to a close, and will continue our ongoing focus on protecting our systems and the information of our clients and our firm,” added Orrick’s spokesperson.  

Read more »
Technology
AI technology AI-Healthcare system Medical Data Patient Data Technology

Future Health: AI's Impact on Personalised Care in 2024

 



As we dive into the era of incorporating Artificial Intelligence (AI) into healthcare, the medical sector is poised for a profound transformation. AI holds immense potential in healthcare, offering groundbreaking advancements in diagnostics, personalised treatment approaches, and streamlined administrative processes. Casting our gaze forward to 2024, the influence of AI on patient care is increasingly palpable, with the seamless fusion of technology and healthcare charting a collaborative course toward a future marked by synergy. 

AI's influence is particularly notable in diagnostics, where healthcare professionals leverage its ability to interpret intricate health data. Unlike traditional methods, AI systems analyse diverse datasets, providing a more comprehensive understanding of a patient's health. Recent regulatory recommendations from the World Health Organization (WHO) highlight the global recognition of AI's significance in healthcare, emphasising effective integration, patient safety, and data privacy. 

The concept of personalised medicine, tailoring treatments to individual patients, is evolving with AI playing a crucial role. AI's ability to process and analyse diverse patient data, including genetic details and lifestyle factors, is propelling the development of highly individualised treatment plans. This shift marks a pivotal moment in healthcare, promising a future where care is not only more precise but also tailored to the nuanced needs of individuals. 

In the next three years, trends in AI healthcare use cases are expected to shape the industry. Natural Language Processing (NLP) and Conversational AI will aid in symptom checking and triage, while virtual assistants guide patients and improve automated scheduling. Integrating omics data with Electronic Health Records (EHRs) and wearable device data will enhance patient phenotyping. Stringent regulations on AI, particularly in medical devices, are anticipated in the U.S. and Europe. The evolving role of AI in targeted diagnostics and personalised care simplifies data structuring, empowering healthcare professionals to focus on quality care. 

However, the widespread adoption of AI in daily clinical practice poses a critical challenge. The true potential of AI in healthcare can only be realised when medical professionals collaborate with these technologies, leveraging unique human skills and cognitive function. Those embracing this partnership are poised to harness AI's full potential, offering a glimpse into a future defined by advancements and redefined patient care standards. 

As AI reshapes the industry, ethical considerations take centre stage, especially regarding patient data privacy and the potential for algorithmic bias. The World Health Organization's recommendations reinforce the necessity for robust regulatory frameworks to ensure responsible AI use in healthcare. 

While AI brings significant benefits, the crucial role of human oversight cannot be overstated. AI serves as a valuable tool to assist healthcare professionals rather than replace them, with human judgement remaining essential in interpreting AI-generated data and making final treatment decisions. 

The year 2024 signifies a pivotal moment for AI in healthcare, showcasing its evolution from a conceptual idea to a practical tool enhancing patient care. This journey underscores the relentless pursuit of innovation in the medical field. As AI continues to progress, it holds the potential to unlock new dimensions in personalised patient care, making healthcare more efficient, precise, and tailored to individual needs. Challenges accompany this transformative journey, and the healthcare community must navigate them with a steadfast commitment to ethical practices, ensuring that AI integration enhances rather than compromises patient well-being.


Read more »
Medical Data
AI Tool AI-Healthcare system Al Technology Artifical Intelligence Cyber Security Healthcare Information Technology Medical Data

Accurate Eye Diagnosis, Early Parkinson's Detection

A revolutionary advancement in the realm of medical diagnostics has seen the emergence of cutting-edge AI tools. This ground-breaking technology identifies a variety of eye disorders with unmatched accuracy and has the potential to transform Parkinson's disease early detection.

According to a recent report from Medical News Today, the AI tool has shown remarkable precision in diagnosing a wide range of eye conditions, from cataracts to glaucoma. By analyzing high-resolution images of the eye, the tool can swiftly and accurately identify subtle signs that might elude the human eye. This not only expedites the diagnostic process but also enhances the likelihood of successful treatment outcomes.

Dr. Sarah Thompson, a leading ophthalmologist, expressed her enthusiasm about the implications of this breakthrough technology, stating, "The AI tool's ability to detect minute irregularities in eye images is truly remarkable. It opens up new avenues for early intervention and tailored treatment plans for patients."

The significance of this AI tool is further underscored by its potential to assist in the early diagnosis of Parkinson's disease. Utilizing a foundational AI model, as reported by Parkinson's News Today, the tool analyzes eye images to detect subtle indicators of Parkinson's. This development could be a game-changer in the realm of neurology, where early diagnosis is often challenging, yet crucial for better patient outcomes.

Dr. Michael Rodriguez, a neurologist specializing in movement disorders, expressed his optimism, stating, "The integration of AI in Parkinson's diagnosis is a monumental step forward. Detecting the disease in its early stages allows for more effective management strategies and could potentially alter the course of the disease for many patients."

The potential impact of this AI-driven diagnostic tool extends beyond the realm of individual patient care. As reported by Healthcare IT News, its widespread implementation could lead to more efficient healthcare systems, reducing the burden on both clinicians and patients. By streamlining the diagnostic process, healthcare providers can allocate resources more effectively and prioritize early intervention.

An important turning point in the history of medical diagnostics has been reached with the introduction of this revolutionary AI technology. Its unmatched precision in identifying eye disorders and promise to improve Parkinson's disease early detection have significant effects on patient care and healthcare systems around the world. This technology has the potential to revolutionize medical diagnosis and treatment as it develops further.
Read more »
US Department of Health and Human Services
Cyber Attacks Medical Data Personal Data Breach Prospect Medical Holdings ransomware attacks Rhysida Rhysida ransomware gang US Department of Health and Human Services

Rhysida Ransomware Group: Social Security Numbers, Passport Data Compromised in Recent Hospital Attack


On Thursday, the Rhysida ransomware gang confirmed to have been behind the recent cyberattack on Prospect Medical Holdings, as reported by a dark web listing reviewed by Axios.

Apparently, the ransomware gang stole more than 500,000 Social Security numbers and copies of the company’s employees’ driving licenses and passports. Also, other legal and financial documents are said to be compromised.

Prospect Medical Holdings—currently operating 16 hospitals spread across four U.S. states—confirms that the ransomware attack was launched earlier this month, because of which they have been facing issues in their online operations.

Moreover, several elective surgeries, outpatient appointments, blood drives and other services are put to hold owing to the attack. 

According to a Prospect spokesperson, the company was unable to comment on the suspected data leak due to "the sensitivity of the incident and law enforcement involvement."

"Prospect Medical continues to work around-the-clock to recover critical systems and restore their integrity[…]We are making significant progress. Some operational systems have been fully restored and we are in the process of bringing others online," the spokesperson said. 

Rhysida Ransomware Group 

Rhysida confirmed Prospect as one of its victims on its dark web site this Thursday, stating that it had taken 1.3 terabytes of SQL data and 1 terabyte of "unique" files.

Certainly, if the ransom demands are not fulfilled, the ransomware group has threatened the firm to expose their victims’ names to their site. 

Rhysida, in a listing, says that it will auction off "more than 500,000 SNNs, passports of their clients and employees, driver's licenses, patient files (profile, medical history), financial and legal documents!!!"

The auction apparently ends in nine days, with 50 Bitcoins as ransom, per the listing.

Rhysida first came to light in May, however the government officials and cybersecurity professionals claim to have already known about the group, following instances of the group targeting critical infrastructure organizations in recent months.

Also, the Department of Health and Human Services (HHS) published an advisory in regards to the group, since Rhysida’s prime targets involved organizations in the health and public health sector. They further noted that Rhysida’s victims also involved firms in the education and manufacturing sectors.

HHS has advised organizations to patch known security flaws present in their systems and install data back-ups in case they are taken offline. Moreover, they recommended phishing awareness training programs for employees.  

Read more »
Subscribe to: Posts (Atom)