Tag Archive for: care

Massive health care hack faces federal scrutiny

/in


  • ASSOCIATED PRESS Pages from the United Healthcare website are displayed on a computer screen, on Feb. 29, in New York. Federal civil rights investigators are looking into whether protected health information was exposed in a recent cyberattack against Change Healthcare, a massive U.S. health care technology company owned by UnitedHealth Group.

    ASSOCIATED PRESS

    Pages from the United Healthcare website are displayed on a computer screen, on Feb. 29, in New York. Federal civil rights investigators are looking into whether protected health information was exposed in a recent cyberattack against Change Healthcare, a massive U.S. health care technology company owned by UnitedHealth Group.

Federal civil rights investigators are looking into whether protected health information was exposed in the recent cyberattack on Change Healthcare.

The Office for Civil Rights said today that it also will examine whether Change Healthcare followed laws protecting patient privacy.

Change Healthcare provides technology used to submit and process insurance claims — and handles about 14 billion transactions a year.

The investigation was spurred by the “unprecedented magnitude” of the attack, Office for Civil Rights Director Melanie Fontes Rainer said in a letter.

The Office for Civil Rights, which is part of the U.S. Department of Health and Human Services, enforces federal rules that establish privacy and security requirements for patient health information.

UnitedHealth Group, which owns Change Healthcare, said it would cooperate. Spokesman Eric Hausman added that UnitedHealth Group is working with law enforcement to investigate the extent of the attack.

Attackers gained access to some of Change Healthcare’s information technology systems last month, disrupting billing and care-authorization systems across the country.

The American Hospital Association said recently that some patients have seen delays in getting prescriptions, and hospitals have had issues processing claims, billing patients and checking insurance coverage.

Change Healthcare said today that all of its major pharmacy and payment systems were back online. Last week, the company said it expects to start reestablishing connections to…

Source…

McLaren Health Care Hack Affected Millions; Lawsuits Pile Up

/in


Breach Notification
,
HIPAA/HITECH
,
Security Operations

Michigan Healthcare Provider Faces 7 Federal Lawsuits in Alphv/BlackCat Data Theft

Marianne Kolbasuk McGee (HealthInfoSec) •
November 13, 2023    

McLaren Health Care Hack Affected Millions; Lawsuits Pile Up
McLaren Health Care is facing seven proposed federal class action lawsuits following a recent data theft affecting nearly 2.2 million patients. (Image: McLaren)

McLaren Health Care is notifying 2.2 million individuals of a data breach weeks after ransomware group Alphv/BlackCat claimed to have stolen 6 terabytes of patient records in an August attack. In the meantime, the number of federal lawsuits filed against the Michigan-based healthcare system has more than doubled over the last month.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

McLaren Health Care on Thursday reported the hacking incident to Maine’s attorney general as affecting nearly 2.19 million individuals, including 77 Maine residents.

The compromised information includes individuals’ name, Social Security number, health insurance information, birthdate, and medical information including billing or claims information, diagnosis, physician information, medical record number, Medicare/Medicaid information, prescription/medication information, diagnostic results and treatment information, McLaren said.

McLaren also reported the incident to federal regulators on Oct. 20 with a placeholder estimate of 501 individuals affected at that time. But based on McLaren’s current estimate of nearly 2.2 million individuals affected,…

Source…

HHS alerts health care sector to ransomware, data extortion gang

/in


The Department of Health and Human Services recently released an advisory to help health care organizations protect their systems and networks from 8Base, a ransomware and data extortion gang targeting small- and medium-sized organizations in health care and other sectors. Recommendations include prioritizing cybersecurity best practices, from regularly updating and patching systems to educating employees to avoid and report phishing emails and malicious attachments. 
  
“This emerging ransomware group appears primarily focused on data extortion rather than data encryption at this point,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “Their rapid rise and large number of attacks indicates this group may be a rebranding of a former group or contain elements of a former ransomware group. I have observed a general trend in which ransomware attackers claim to be ‘penetration testers’ performing a ‘service’ and discussion of ‘vulnerability reports’ for the victim, raising the possibility that these hackers may be affiliated with ‘legitimate’ cybersecurity firms in non-cooperative foreign jurisdictions or have formal cybersecurity training. These data extortion attacks highlight the need to ensure that protected health information (PHI) within our networks, especially PHI outside the electronic medical record, is fully mapped and encrypted at rest and in transit.” 
  
For more information on this or other cyber and risk issues, contact Riggi at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Source…

McLaren Health Care Facing 3 Lawsuits in Ransomware Hack

/in


Cybercrime as-a-service
,
Fraud Management & Cybercrime
,
Governance & Risk Management

Litigation Filed Days After Alphv/BlackCat Claimed to Have Stolen Data of 2.5 Million Patients

Marianne Kolbasuk McGee (HealthInfoSec) •
October 10, 2023    

McLaren Health Care Facing 3 Lawsuits in Ransomware Hack
McLaren Health Care faces at least three proposed federal class action lawsuits so far in the aftermath of a massive data theft allegedly by Alphv/Blackcat. (Image: McLaren Health Care)

A recent attack by a Russian ransomware-as-a-service group that stole the personal information of 2.5 million patients of McLaren Health Care has triggered at least three proposed federal class action lawsuits in recent days, claiming the healthcare company failed to protect patient privacy.

See Also: Challenges and Solutions in MSSP-Driven Governance, Risk, and Compliance for Growing Organizations

The lawsuits – which each make similar allegations, including negligence by McLaren – were all filed in the same Michigan federal court by plaintiffs who are – or were – McLaren patients on behalf of themselves and others situated.

The litigation was filed only days after Alphv/Blackcat on Sept. 29 boasted on its dark web site to have stolen 6 terabytes of “sensitive data” pertaining to 2.5 million McLaren patients. The threat actor also claimed its “backdoor is still running” on McLaren’s network (see: Group Claims it Stole 2.5 Million Patients’ Data in Attack).

Attorneys filed lawsuits quickly against McLaren – even before the company notified individuals…

Source…