Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Medical Data. Show all posts
User Privacy
Apollo Hospitals Data Breach Data Leak Medical Data User Privacy

Researchers Unearth a Massive Data Leak Within Apollo Hospitals

 

For security analysts Akshay and Viral, a casual check of a healthcare system's security quickly turned into a huge finding. The duo discovered a major data leak at Apollo Hospitals, one of India's leading hospital networks. 

The breach first came to their attention on January 9, when they discovered a zip file on one of Apollo's subsidiary websites. Recognising the sensitivity, they notified Apollo's management within a few hours on January 10.

The file was erased by February 1, but they raised the issue with the Indian Computer Emergency Response Team (CERT-In) and the National Critical Information Infrastructure Protection Centre (NCIIPC), urging further investigation. 

In March, they uncovered another zip file, which was smaller in size but still included sensitive material, raising new concerns about ongoing security threats. It remains unknown whether Apollo or an intruder is adding and deleting files from the server. 

The leaked data include scanned copies of critical personal documents such as work identification cards, PAN cards, Aadhaar cards, passports, and student IDs. This type of data can be used to commit identity theft, fraud, or illegal access to services. 

Additionally, the breach exposed patient medical records, immunisation information, and credentials associated with patient IDs and many internal databases. This means that an attacker could misuse or publicly disclose confidential health information, such as diagnosis, prescriptions, and treatments.

Who is behind the leak?

The experts suspect the attack was carried out by the KillSec ransomware organisation, a well-known cybercriminal outfit that has attacked a variety of sectors, including healthcare.

Using Halcyon, a cybersecurity platform that tracks ransomware gangs and its actions, they learnt that KillSec targeted Apollo Hospitals in October 2024. The compromised data they discovered also dated back to that time period, establishing the connection.

KillSec is notorious for stealing sensitive data and threatening to publish or sell it unless a ransom is paid. Unlike some ransomware gangs who encrypt data to demand payment, KillSec frequently uses double extortion—stealing data before spreading ransomware, giving them leverage even if the victim refuses to pay. 

No action taken 

The researchers highlighted that well over 60 days had passed since their initial attempt to notify Apollo, far exceeding the industry threshold for responsible disclosure. While non-critical security issues are routinely addressed within this timeframe, breaches of this magnitude are usually resolved within hours by firms of comparable size. 

Organisations must report particular types of cyber incidents to CERT-In within six hours of detection. They must submit accurate data, such as the nature of the breach, the systems involved, and any preliminary results.
Read more »
Medical Data
Australia Data Breach Fertility Clinic Genea IVF Firm Medical Data

Australian IVF Giant Genea Suffers Data Breach Following Cyber Incident

 

A leading Australian IVF clinic suspects personal patient information may have been compromised during a cyber attack earlier this month. 

On February 14, Genea suspended several services and launched an inquiry into suspicious activity discovered on its network. In an update, the health service provider stated, we now believe the attacker may have accessed and stolen personal information that we hold. 

“Our investigation has identified that Genea’s patient management systems, which contain information about you, was accessed by an unauthorised third party,” Genea told patients. “We stress that at this point in time it is unknown what personal information within the folders on the patient management system has been compromised.” 

The patient management system includes a goldmine of information, including names, emails, phone numbers, Medicare and private health insurance details, medical history, prescriptions, test results, and doctor's notes. 

“At this stage there is no evidence that any financial information such as credit card details or bank account numbers have been impacted by this incident,” Genea noted. “The investigation is however ongoing, and we will keep you updated of any relevant further findings should they come to light.” 

The IVF service claimed to have notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner (OAIC). It will also meet with both the latter and the National Office of Cyber Security to "discuss the incident". 

Given that the theft involves personal information that potentially causes harm to those it was stolen from, the OAIC will ensure Genea ticks all of the boxes under the notifiable data breaches program. 

After several patients reported that the company's phone lines were down and that there were issues with its app and emails, Genea said last week that it had been obliged to take some systems and services offline "out of an abundance of caution" as it investigated the incident. 

Patients should be on the lookout for unusual emails, texts, phone calls, and "any other attempts that might relate to possible identity theft or fraud using your personal information". Genea, established in 1986 by Professor Robert Jansen, is one of Australia's top three IVF providers, with thousands of patients and 21 facilities across the country.
Read more »
User Privacy
Data Breach Health Sisters Medical Data US Hospital User Privacy

US Health System Notifies Nearly 900K Patients Regarding a 2023 Data Breach

 

Hospital Sisters Health System informed nearly 882,000 patients that a cyberattack in August 2023 resulted in a data breach that compromised their private and medical data. 

Established in 1875, HSHS works with about 2,200 physicians and employs over 12,000 employees. It also runs a network of physician practices and 15 community hospitals in Illinois and Wisconsin, including two children's hospitals. 

The non-profit healthcare institution stated in data breach notifications given to those affected that the incident was discovered on August 27, 2023, after determining that the hacker had gained access to the HSHS network.

Following the security incident, its systems were affected by a widespread outage that knocked out "virtually all operating systems" and phone systems in Illinois and Wisconsin hospitals. HSHS also hired external security specialists to investigate the incident, assess the impact, and assist the IT staff in restoring hacked systems.

"We are prioritizing patient safety as we establish a process for restoration. With the support of third-party experts, we are bringing our systems back online as quickly and as safely as possible," HSHS noted in a September 2024 statement. "A health system of our size operates hundreds of system applications across thousands of servers, and as such, our restoration and investigative work will take some time to complete.” 

While the incident and subsequent outage appear to be the result of a ransomware attack, no ransomware outfit has claimed responsibility for the breach. Following the forensic inspection, HSHS discovered that between August 16 and August 27, 2023, the perpetrators had accessed files on hacked systems.

The information accessed by attackers while inside HSHS' systems varies by individual, but it typically includes a combination of name, address, date of birth, medical record number, limited treatment data, health insurance information, Social Security number, and/or driver's license number. 

While HSHS stated that there is no evidence that the victims' information was utilised in fraud or identity theft activities, it recommended impacted individuals to keep an eye on their account statements and credit reports for suspicious behaviour. The health system also provides free Equifax credit monitoring for one year to anybody harmed by the breach.

New York Blood Centre (NYBC), one of the biggest independent blood collection and distribution organisations in the world, announced that it had to reschedule some appointments due to a ransomware attack, Connecticut healthcare provider Community Health Centre (CHC) informed more than a million patients regarding a data breach last week. 

UnitedHealth said earlier this month that the Change Healthcare ransomware assault last year had stolen the data of some 190 million Americans, nearly twice as many as the 100 million that were made public in October.
Read more »
User Privacy
Data Breach Data Leak Healthcare Hack Medical Data User Privacy

Community Health Centre Data Breach Impacts Over 1 Million Patients

 

Over a million people have been notified of a recent data breach by Community Health Centre, a nonprofit healthcare organisation based in Middletown, Connecticut. On January 2, 2025, unauthorised activity was detected in its computer systems, and external cybersecurity specialists were hired to help with the investigation and establish the nature and scale of the unauthorised activity. 

The investigation revealed that an online criminal gained access to its computer systems and stole data from the network. The Community Health Centre did not confirm whether a ransom demand was made; however, it did state that no data was deleted from its network and no files were encrypted, therefore the incident had no effect on its daily operations.

In the statement to the Attorney General of Maine, Community Health Centre explained that "there is no current threat to our systems, and we believe we stopped the criminal hacker's access within hours." The breach initially occurred on October 14, 2024, according to the breach notice from the Maine Attorney General.

The file review is now concluded, and the Community Health Centre has confirmed that the following data may have been compromised: names, addresses, phone numbers, email addresses, dates of birth, diagnoses, test results, treatment information, health insurance information, and Social Security numbers.

Up to 1,060,936 people have been impacted, including paediatric patients, their parents, and guardians. Some of the affected individuals passed away, and notifications are being given to their nearest of kin. While the majority of affected patients are likely from Connecticut, the California Attorney General has also been notified of the data leak. 

With over 1 million records, this is the most significant healthcare data breach revealed this year. Employees at Moses-Weitzman Health System were also impacted.

According to Community Health Centre, software has been put in place to keep an eye on its systems for suspicious activity, and security has been reinforced. Community Health Centre has provided the impacted individuals with free identity theft protection services for a period of 24 months, even though there are currently no signs that any of the stolen data has been compromised.
Read more »
Personal Data
data attacks Data Breach Data Leak data security Financial Data healthcare data breach HIPAA Medical Data Medical Data breach Personal Data

Medusind Data Breach Exposes Health and Personal Information of 360,000+ Individuals

 

Medusind, a major provider of billing and revenue management services for healthcare organizations, recently disclosed a data breach that compromised sensitive information of over 360,000 individuals. The breach, which occurred in December 2023, was detected more than a year ago but is only now being reported publicly. 

The Miami-based company supports over 6,000 healthcare providers across 12 locations in the U.S. and India, helping them streamline billing processes and enhance revenue generation. According to a notification submitted to the Maine Attorney General’s Office, the breach was identified when Medusind noticed suspicious activity within its systems. 

This led the company to immediately shut down affected systems and enlist the help of a cybersecurity firm to investigate the incident. The investigation revealed that cybercriminals may have gained access to and copied files containing personal and medical details of affected individuals. Information compromised during the breach includes health insurance details, billing records, and medical data such as prescription histories and medical record numbers. Financial data, including bank account and credit card information, as well as government-issued identification, were also exposed. 

Additionally, contact details like addresses, phone numbers, and email addresses were part of the stolen data. In response, Medusind is providing affected individuals with two years of free identity protection services through Kroll. These services include credit monitoring, identity theft recovery, and fraud consultation. The company has advised individuals to stay vigilant by reviewing financial statements and monitoring credit reports for unusual activity that could indicate identity theft. 

This breach highlights the increasing cybersecurity challenges facing the healthcare industry, where sensitive personal information is often targeted. To address these risks, the U.S. Department of Health and Human Services has proposed updates to the Health Insurance Portability and Accountability Act (HIPAA). These proposed changes include stricter requirements for encryption, multifactor authentication, and network segmentation to protect patient data from cyberattacks. The Medusind incident follows a series of high-profile breaches in the healthcare sector.

In May 2024, Ascension reported that a ransomware attack had exposed data for 5.6 million individuals. Later in October, UnitedHealth disclosed a breach stemming from a ransomware incident affecting over 100 million people. As healthcare providers continue to face cyber threats, the urgency to implement robust data security measures grows. Medusind’s experience serves as a reminder of the significant risks posed by such breaches and the importance of safeguarding sensitive information.
Read more »
United States
Artivion Cyber Attacks Data Leak Medical Data Ransomware United States

Artivion Discloses Ransomware Attack, Disrupting Operations

 

Leading cardiac surgery medical device company Artivion has reported a ransomware attack that occurred on November 21, resulting in the encryption of certain systems and unauthorized data access. The incident forced the Atlanta-based company to take part of its operations offline while addressing the attack.

Artivion's Response

In its 8-K filing with the U.S. Securities and Exchange Commission (SEC), Artivion disclosed that it promptly initiated an investigation and engaged external advisors, including legal, cybersecurity, and forensics professionals. "The incident involved the acquisition and encryption of files. The Company is working to securely restore its systems as quickly as possible and to evaluate any notification obligations," the filing stated.

The company also noted that disruptions to its corporate operations, order processing, and shipping were largely resolved. Despite having insurance coverage for incident response costs, Artivion anticipates additional expenses that will not be covered.

Impact on Operations

Artivion operates manufacturing facilities in Germany, Texas, and Georgia and employs over 1,250 people globally, with sales representatives in more than 100 countries. Although the immediate disruptions caused by the ransomware attack have been mitigated, the company is likely to face longer-term implications, including potential reputational damage and increased cybersecurity investments.

Healthcare Sector Under Siege

The ransomware attack on Artivion is part of a broader wave of cyberattacks targeting healthcare organizations. Recently, the BianLian cybercrime group attacked Boston Children's Health Physicians (BCHP), threatening to expose stolen files unless a ransom was paid. Similarly, UMC Health System and Anna Jaques Hospital faced significant disruptions due to ransomware assaults earlier this year.

These incidents highlight the growing vulnerabilities in the healthcare sector, where sensitive patient data and critical operations make organizations attractive targets for cybercriminals.

Lessons for the Healthcare Industry

The Artivion ransomware attack underscores the urgent need for the healthcare sector to adopt robust cybersecurity measures. Key takeaways include:

  • Proactive Defense: Implementing advanced threat detection and response mechanisms is critical to identifying and mitigating attacks before they cause significant damage.
  • Incident Response Planning: Having a comprehensive incident response plan can minimize disruptions and accelerate recovery efforts during cyberattacks.
  • Employee Awareness: Educating staff about phishing scams and other common attack vectors can help reduce vulnerabilities.

As cyber threats continue to evolve, healthcare organizations must prioritize cybersecurity to safeguard sensitive data and maintain trust in their services.

Read more »
User Privacy
BlackCat Change Healthcare Data Breach Medical Data User Privacy

UnitedHealth Claims Data of 100 Million Siphoned in Change Healthcare Breach

 

UnitedHealth has acknowledged for the first time that over 100 million people's personal details and healthcare data were stolen during the Change Healthcare ransomware assault, making it the largest healthcare data breach in recent years. 

During a congressional hearing in May, UnitedHealth CEO Andrew Witty warned that the attack had exposed "maybe a third" of all Americans' medical data.

A month later, Change Healthcare issued a data breach notification, stating that the February ransomware assault had exposed a "substantial quantity of data" for a "substantial proportion of people in America.” 

Last week, the U.S. Department of Health and Human Services Office for Civil Rights data breach portal increased the overall number of affected people to 100 million, marking the first time UnitedHealth, Change Healthcare's parent company, published an official number for the breach. 

Change Healthcare has sent out data breach alerts since June stating that a huge amount of sensitive information was stolen during the February ransomware assault, including: 

  • Health insurance information (including primary, secondary, or other health plans/policies, insurance firms, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers); 
  • Health information (such as medical record numbers, providers, diagnoses, medications, test results, images, care, and therapy); 
  • Personal information may include billing, claims, and payment information, as well as Social Security numbers, driver's licenses, state ID numbers, and passport numbers.

The information may differ for each person, and not everyone's medical history was disclosed. 

Change healthcare breach 

This data breach was prompted by a February ransomware attack on UnitedHealth subsidiary Change Healthcare, which resulted in severe outages across the US healthcare system. 

The disruption to the company's IT systems prevented doctors and pharmacists from filing claims, as well as pharmacies from accepting discount prescription cards, forcing patients to pay full price for their drugs.

The attack was carried out by the BlackCat ransomware group, also known as ALPHV. They used stolen credentials to get access to the company's Citrix remote access service, which did not have multi-factor authentication activated. 

During the attack, threat actors took 6 TB of data and ultimately encrypted network devices, forcing the organisation to shut down IT infrastructure in order to prevent the attack from propagating further.

UnitedHealth Group acknowledged paying a ransom to get a decryptor and have the threat actors delete the stolen data. The alleged ransom payment was $22 million, according to the BlackCat ransomware subsidiary that carried out the attack.

This ransom payment was meant to be shared between the affiliate and the ransomware operation, but the BlackCat abruptly stopped down, taking the entire payment and committing an exit scam. 

However, this was not the end of Change Healthcare's issues, since the affiliate claimed to still have the company's data and did not delete it as agreed. The affiliate collaborated with a new ransomware operation known as RansomHub and began releasing some of the stolen data, demanding an additional payment for the data not to be leaked.

The Change Healthcare entry on RansomHub's data breach site inexplicably removed a few days later, suggesting that UnitedHealth paid a second ransom demand. 

UnitedHealth said in April that the Change Healthcare ransomware assault resulted in $872 million in losses, which were included in Q3 2024 earnings and are estimated to total $2.45 billion for the nine months ending September 30, 2024.
Read more »
Ransomware attack
American HealthCare Change Healthcare Cyber Attacks Medical Data Ransomware attack

UnitedHealth's Cyberattack Should Serve as a 'Wake-up Call' for HealthCare Sector

 

The US Health and Human Services Department (HHS) announced Tuesday that it would assist doctors and hospitals in locating alternate claims processing platforms to help restart the flow of business following a cyberattack on a UnitedHealth Group (UNH) subsidiary that crippled operations of a large swath of America's health systems for the past two weeks. 

On February 21, a cyberattack paralysed Change Healthcare, which hospitals, doctors' offices, and pharmacies use to handle payments and prior authorizations for patient visits and medicines.

United gave a lengthy status update Tuesday afternoon, stating that the attack was carried out by BlackCat, a well-known Russian-backed ransomware outfit. 

The FBI was aware of BlackCat, also known as ALPHV, and was successful in breaching the group at the end of last year, but was unable to put it down. BlackCat has previously targeted a number of healthcare companies. It claimed to have collected up to 6 gigabytes of data during the last attack, and that it received $22 million in bitcoin, a transaction visible on the blockchain, but it is still being determined where it came from. 

Based on the most recent statistics, 90% of claims are still being processed for health providers, and pharmacies should be fully operational by Thursday, UHG explained in a statement Tuesday.

Additionally, the company noted, "We've made progress in providing workarounds and temporary solutions to bring systems back online in pharmacy, claims and payments." 

While smaller systems that rely heavily on Change Healthcare are suffering, larger systems with many vendors or the financial capacity to quickly switch to another provider are less affected. 

"This may be the first of its kind, where an outage at the interoperability layer weakens the capacity of the system to function," stated Aneesh Chopra, former US chief technology officer and currently co-founder and president of CareJourney, a healthcare analytics company. "This is a wake-up call on the need for redundancy in systems so we have backup options when a particular vendor goes down.” 

Third-party risks 

Tech platforms have had difficulty allowing their software to interact with each other and provide seamless connectivity for health systems due to regulations safeguarding patient data. However, newer products have made interoperability easier to achieve, which also makes them more susceptible to attacks. 

United's attack makes sense for that reason because it choked off a key mechanism in the inner workings of the system. The change enables several healthcare system companies to handle payments and claims. For example, CVS (CVS) reports that 25% of its claims are processed using Change.

This is in stark contrast to earlier attacks that target specific organisations, such as insurance and hospitals, and affect only one aspect of the system. 

United is also a tempting target because its Optum brand comprises Optum Financial, a different division of UHG that operates a number of payment systems.
Read more »
Subscribe to: Posts (Atom)