Tag Archive for: hospital
Tampa General Hospital hack affects data of 1.2M patients
Tampa General Hospital says an “unauthorized third party” hacked its computer network in May and obtained personal data — including Social Security numbers — of about 1.2 million patients.
The hospital says it discovered “unusual activity” on its systems on May 31. An investigation determined the hack by a “criminal group” occurred between May 12 and May 30, according to a statement posted Wednesday on its website.
Tampa General, one of the state’s largest hospitals and a Level 1 trauma center, reported the “cybersecurity event” to the FBI.
“We immediately took steps to contain the activity and began an investigation with the assistance of a third-party forensic firm,” the hospital says. “Fortunately, TGH’s monitoring systems and experienced technology professionals effectively prevented encryption, which would have significantly interrupted the hospital’s ability to provide care for patients.”
A review found the stolen patient data varied by individual. The hospital says its “may” have included names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, medical record numbers, account numbers, dates of service and limited treatment information used for business operations.
Tampa General says patients who may have been affected will receive notification by mail.
The hospital says complimentary credit monitoring and identity theft protection will be available to patients whose Social Security number was involved.
“Patients are encouraged to review statements from their health insurer and health care providers, and to contact them immediately if they see any services they did not receive,” the hospital says.
The hospital adds that its electronic medical record system was not involved or accessed.
“The hospital is continuously updating and hardening systems to help prevent events such as this from occurring and has implemented additional defensive tools and increased monitoring,” the statement says.
Tampa General is a private nonprofit hospital with more than 1,000 beds. It is also a teaching hospital affiliated with the University of…
Luigi Vanvitelli hospital hit by ransomware
On July 4, the Luigi Vanvitelli hospital in Italy posted a notice on its homepage that it had been the victim of a ransomware attack on July 1 and was investigating it. There has been no update since then.
Italy24 reports, in part:
Apparently, cybercriminals have stolen the e-mail passwords of university professors, doctors, managers and many employees. Therefore it emerges as a further “significant incident” to an Italian hospital.
The Vanvitelli company confirmed that the attack took place on July 1 and is currently evaluating the extent of the incident and the nature of the data breach. A computer blackout has occurred which has prevented access to the Internet on computers and has caused the blockage of assistance activities at the Policlinico in Piazza Miraglia.
On July 5, Italian Post reported that the threat actors could be part of a group of Chinese hackers. The suggestion apparently relied on the type of email address provided by the attacker to the hospital to contact the attacker for negotiations.
A spokesperson for the hospital also stated that the attack mostly affected software used in analysis laboratories. “This does not mean that the analysis laboratories are at a standstill, but,” she underlines, “at the moment they are proceeding at a very low speed, in a pseudo manual”.
As of July 6, the National Cybersecurity Agency (ACN) had reportedly provided experts to assist the hospital in assessing the scope of the attack and restoring affected systems.
The hospital has not released any information on the attackers or any ransom demand that DataBreaches could find.
Illinois Hospital Closure Showcases Ransomware’s Existential Threat
An Illinois hospital’s decision to cease operations later this week at least partly because of a 2021 ransomware attack that crippled operations for months is a stark reminder of the sometimes-existential threat that online extortion campaigns can pose.
That’s especially true for resource-strapped small and rural hospitals.
St. Margaret’s Health (SMH) will permanently close its hospitals, clinics, and other facilities at Spring Valley and Peru, Ill. this Friday, June 16, after serving the community for 120 years. Multiple factors led to the decision, including unprecedented expenses tied to the COVID-19 pandemic, low patient volumes tied to social-distancing mandates, and staff shortages that forced the health system to have to rely on temporary staffing agencies.
But the February 2021 ransomware attack on its systems at Spring Valley had a big part to play; they catastrophically impacted the hospital’s ability to collect payments from insurers for services rendered, and the attack forced a shutdown of the hospital’s IT network, email systems, its electronic medical records (EMR) portal, and other Web operations.
A Contributing Factor
SMH vice president of quality and community services Linda Burt says the attack lasted four months, during which employees had no access to the IT system, including email and the EMR system.
“We had to resort to paper for medical records. It took many months, and in some service lines, almost a year to get back online and able to enter any charges or send out claims,” Burt says. “Many of the insurance plans have timely filing clauses which, if not done, they will not pay. So, no claims were being sent out and no payment was coming in.”
SMH is the latest to make the list that security analyst and researcher Adrian Sanabria maintains of organizations that were forced out of business because of a cyberattack over the past two decades. The list currently comprises 24 organizations — many of them small — across multiple sectors. Among the names in the list is payment processing firm CardSystems, which closed in 2005 following a data breach that exposed sensitive data associated with some 40 million credit cards; security firm HBGary which went…