Tag Archive for: patient

Lehigh Valley Health Network hit by cyber attack. Here’s the patient info hackers stole


Reuters

Sandoz launches rival version of AbbVie’s arthritis drug Humira

The Novartis-owned company said its drug, Hyrimoz, will be priced at a 5% discount off Humira’s current list price of $6,922 per month, but that it was also offering an unbranded version of Humira at an 81% discount. Healthcare experts have said that drugmakers will probably launch their Humira biosimilars with small discounts to appeal to pharmacy benefit managers, which take some of their fees as a percentage of the discounts they negotiate on behalf of their customers – large employers and health insurance plans.


Ransomware gang posted 2,800 patient photos to dark web


A court filing from Allentown, Pa.-based Lehigh Valley Health Network says Russian ransomware gang BlackCat posted 2,800 pictures of breast cancer patients undressed from the waist up, WFMZ reported April 12.  

Lehigh Valley Health Network also said BlackCat demanded $5 million ransom after it breached its IT network on Feb. 6. 

This comes after Lehigh Valley Health Network told Becker’s that BlackCat had posted limited patient information on the dark web, including three screenshots, which were “clinically appropriate photographs of cancer patients receiving radiation oncology treatment at LVPG Delta Medix, as well as seven documents containing patient information.”

Lehigh Valley Health Network is currently facing a lawsuit which accuses it of making a “knowing, reckless and willful decision to let the hackers post the nude images,” while “publicly patting itself on the back for standing up to the hackers” and “consciously and intentionally ignoring the real victims.” 

The health system is trying to transfer this suit from a Lackawanna County, Pa., court to the U.S. District Court and said it could cost more than $55 million to resolve it.


Hacking healthcare: With 385M patient records exposed, cybersecurity experts sound alarm on breach surge


Healthcare companies more than ever are using electronic records and tapping digital services. That’s also creating more opportunities for cybercriminals — who already have exposed the private medical information of millions of patients — and bolsters the case for the industry to make security priority No. 1, experts say.

Healthcare breaches have exposed 385 million patient records from 2010 to 2022, federal records show, though individual patient records could be counted multiple times.

Hacking incidents, a type of breach, at healthcare firms have skyrocketed in the past five years as cybercriminals demand ransoms in exchange for restoring access to sensitive medical data.

Hacking or IT incident is the most common breach type

Other types include unauthorized access/disclosure, theft, loss, improper disclosure, other and unknown.

While healthcare companies have to improve their cybersecurity given the rise in breaches and cyberattacks, regulators need to raise the bar on cybersecurity standards, experts told Healthcare Dive.

“Could all these organizations do a better job? Absolutely,” said Jim Trainor, a former assistant director of the Cyber Division at the Federal Bureau of Investigation who is now a senior vice president of Aon Cyber Solutions, a global professional services firm.

Disrupting any one of the nation’s 16 critical infrastructure sectors, including the healthcare industry, poses a national security threat. These sectors are vital to daily life for millions of Americans and disabling them would have a debilitating effect on society, according to the Cybersecurity and Infrastructure Security Agency, or CISA, the country’s cyber defense agency.


Cyberattacks that disrupt hospital operations put patients’ lives at risk. The FBI said that the healthcare industry was hit the hardest by ransomware attacks in 2021 compared to other critical infrastructure. And the threats come as hospitals struggle with staffing shortages and financial pressures exacerbated by the COVID-19 pandemic.

In the wake of a ransomware attack on one of the nation’s largest hospital operators last year, Healthcare Dive analyzed more than 5,000 breaches…


Third-party administrator hack leads to theft of patient data for over 251K



Austin, Texas-based Bay Bridge Administrators, a third-party administrator of insurance products, recently began notifying more than 251,000 patients that their data was stolen after a network hack in September 2022.

The “network disruption” was first detected on Sept. 5, which prompted BBA to secure the network and engage with an outside cybersecurity firm to investigate. Forensics showed that the attacker had gained access more than a week before being discovered, which enabled them to exfiltrate “certain data” from the network on Sept. 3.

BBA appears to attribute the lengthy delay in notifying patients to a “thorough investigation” that concluded on Dec. 5. Under the Health Insurance Portability and Accountability Act, covered entities must inform patients of possible data exposure without undue delay and within 60 days.

The notice uses language that suggests the breach was not discovered until months after the initial hack and data theft. The Department of Health and Human Services has warned against this type of notice, urging providers to inform patients of possible privacy violations “even if it is initially unclear whether the incident constitutes a breach as defined in the rule.”

For patients tied to BBA, the compromised data related to “individuals enrolled in some employment insurance benefits administered” by the business associate in 2022.

The stolen data varied by individual and could include Social Security numbers, contact details, driver’s licenses or state identification numbers, medical data, health insurance information, and/or dates of birth.

Behavioral health provider reports September hack, data exfiltration

In a similar notice to BBA, Circles of Care in Florida is beginning to notify 61,170 patients that their data was stolen after a network hack detected on Sept. 21, 2022.

An investigation conducted with support from a third-party independent cybersecurity team found the attacker first accessed the network on Sept. 6 and used the access to obtain certain information. The investigation concluded on Nov. 29, 2022.

The…
