Tag Archive for: patient

Ransomware attack threatens to expose McLaren Health patient data

/in


Michigan Attorney General Dana Nessel warned this week a cyberattack against McLaren Health Care could affect a large number of patients.

McLaren Health, a healthcare system with 15 Michigan hospitals, was hit by a ransomware attack in August, according to the attorney general’s office. Ransomware, a type of malware that can shut down an entire network, is used to steal data before encrypting the system. The stolen information is then held hostage until a ransom is paid.

“This attack shows, once again, how susceptible our information infrastructure may be,” Nessel said in a statement. “Organizations that handle our most personal data have a responsibility to implement safety measures that can withstand cyber-attacks and ensure that a patient’s private health information remains private.”

A cybercriminal group called ALPHV, or BlackCat, claimed responsibility for stealing the sensitive personal health information of 2.5 million McLaren patients, a news release said. But the actual number of affected patients and the type of health information remains unknown.

ALPHV claimed in a message posted to the dark web last week the McLaren data was on the dark web and would be released in a few days unless a ransom payment was received. The group is also linked to the data breach at MGM Resorts that is reportedly costing $100 million.

McLaren shared a statement saying, “we are investigating reports that some of our data may be available on the dark web and will notify individuals whose information was impacted, if any, as soon as possible.”

The healthcare group also said it found no evidence the cybercriminals still have access to the IT system. McLaren has brought in security experts and is working with law enforcement, a news release said.

“Protecting the security and privacy of data in our systems is a top organizational priority, so we immediately launched a comprehensive investigation to understand the source of the disruption and identify what, if any, data exposure occurred,” McLaren said.

Nessel encouraged McLaren patients to protect their data and know the warning signs when someone is using private medical information:

  • A doctor’s bill for services you did not…

Source…

McLaren confirms ransomware hack, patient data possibly at-risk

/in


LANSING, Mich. (AP) — A statement from McLaren Health Care officials on Wednesday said it’s possible patient data may have leaked onto the dark web, thanks to a ransomware attack that shut down its computer network in late August and early September.

McLaren says an investigation confirmed its computer network was targeted by a ransomware event. Officials with McLaren also said another investigation is working to verify whether any private data made its way onto the dark web.

If that fear is confirmed, McLaren says it will notify the impacted individuals “as soon as possible.”

“We want to assure our patients and the communities we serve that our systems remain operational, and we continue to provide the exceptional care for which we are known,” said Dave Jones, marketing manager for McLaren Health Care, in a press release.

A ransomware group known as BlackCat/AlphV, which has claimed responsibility for several high-profile hacking incidents, took credit for the McLaren cybersecurity attack, according to WLNS.

Healthcare providers are required to comply with several federal regulations that create transparency for the affected when personal data leaks occur, including disclosing what types of information were compromised, how people can protect themselves and how the leak is being investigated.

McLaren’s press release on Wednesday also detailed how it is updating its cybersecurity in response to the ransomware hack:

“Protecting the security and privacy of data in our systems is a top organizational priority, so we immediately launched a comprehensive investigation to understand the source of the disruption and identify what, if any, data exposure occurred. We simultaneously retained leading global cybersecurity specialists to assist in our investigation, and we have been in touch with law enforcement. We have also taken measures to further strengthen our cybersecurity posture with a focus on further securing our systems and limiting disruption to our patients and the communities we serve.”

Source…

Ransomware Hackers Publish Patient Info from Mayanei Hayeshua Hospital | The Jewish Press – JewishPress.com | Hana Levi Julian | 21 Elul 5783 – Thursday, September 7, 2023

/in


Photo Credit: Chaim Goldberg / Flash 90

Hackers who stole patient information from the servers at Mayanei Hayeshua Medical Center in Bnei Brak have made good on their threat to publish the data.

The “Ragnar Locker” group demanded a ransom totaling tens of millions of shekels for the information after the break-in, which took place about a month ago, according to Israel Hayom.

Not having received the money, the ransomware hackers announced on their Telegram account that they had released 402 gigabytes of data in the first tranche.

The group threatened to publish the rest of the information it claimed it was holding if the ransom is not paid, including the personal, medical and psychiatric records of patients who include government and Knesset members, rabbonim, Torah sages and other prominent haredi religious patients.

Prime Minister Benjamin Netanyahu underwent treatment for a prostate issue at the hospital in 2015, according to the report.

There is fear in the haredi public that the hackers will create a “Medical WikiLeaks” that could cause serious damage to many members of the Orthodox population, according to the haredi B’Chadarei Haredim news outlet.

Health and Interior Minister MK Moshe Arbel said in response to the initial threat that the government has not previously succumbed to extortion attacks on government data and will not succumb to such attacks on the health system either.

“Along with my instructions to budget tens of millions of shekels for a multi-year cyber preparedness plan in the health system, I also believe it appropriate to publish, on my own initiative, the results of a CT scan I performed at Mayanei Hayeshua Medical Center after a partial resection of my right kidney for a cancerous tumor that was found during tests to determine my eligibility to donate the kidney.

“There is no room for surrendering to blackmail and threats from cyber attackers,” he said. “We must stand as a wall to protect the right to privacy of every patient in the Israeli health system.”

Mayanei Hayeshua Medical Center also responded to the threat, saying in a statement, “The hospital, in cooperation with the Ministry of Health, the…

Source…

Guarding Patient Trust: Healthcare’s Battle Against Ransomware Threats

/in


The global healthcare industry has more to worry about than just treating patients. The ever-growing risk of ransomware is a major threat currently facing the entire sector, compromising confidential patient data, and disrupting the crucial services it provides.

“With ransomware accounting for 54% of all cybersecurity threats in the healthcare industry, the chances of a successful breach are higher than ever,” explains Andrew Hollister, Chief Information Security Officer (CISO), LogRhythm. “A recent example of how threat actors are targeting the industry can be seen in the attack on Barts Health NHS Trust. The Trust, which runs five London-based hospitals and serves more than 2.5m patients, was breached by the ALPHV ransomware gang. This resulted in it compromising 70 terabytes of sensitive data, including National Insurance numbers, financial data, and insurance agreements.”

Healthcare security teams are faced with a challenging, but vital role. There is a growing need for comprehensive detection and response solutions within healthcare to overcome the threats posed by ransomware attacks. 

Here, Hollister tells us more. 

 

Healthcare under attack

The healthcare industry is a top target for hackers due to the vast amount of people that rely on its services on a global scale. Threat actors can hold healthcare service providers at ransom for large pay-outs leaving them with little other option than to give in to their demands. 

“The introduction of more connected Internet of Things (IoT) medical devices plays a part in advancing the patient experience, but also broadens the attack surface for cybercriminals. With access to hospital IT systems, threat actors can easily steal a huge range of important personal data from patients and employees alike,” Hollister explains. “Further to this, the challenges caused by the expanding threat landscape are amplified by tight budgetary constraints within the public sector. Funding limitations leave many healthcare institutions in the difficult position of having to juggle their investment priorities between cybersecurity and direct healthcare provisions.”

The level of data that some criminals can access has the…

Source…