Tag Archive for: patients

Firm Notifies Patients of 55 Health Practices of MOVEit Hack

/in


Breach Notification
,
Cybercrime
,
Fraud Management & Cybercrime

Anesthesiology, Pain Management, Gastro Practices Affected Across Several States

Marianne Kolbasuk McGee (HealthInfoSec) •
October 4, 2023    

Firm Notifies Patients of 55 Health Practices of MOVEit Hack
Image: NorthStar Anesthesia, Arietis Health

Arietis Health, a revenue cycle management vendor is notifying patients of 55 healthcare practices across several states that their sensitive health and personal information has been potentially compromised in a hack of Progress Software’s MOVEit file transfer application.

See Also: How to Reduce Compliance and Risk Workload to Increase Cybersecurity Revenue for Managed Security Service Providers (MSSPs)

Fort Myers, Florida-based Arietis provides billing services to Irving, Texas-based NorthStar Anesthesia, which manages the affected medical practices, which specialize in anesthesia, pain management and related healthcare services.

Arietis in its breach notice said its uses MOVEit file transfer software in the billing services it provides to NorthStar.

Arietis says that it was notified by Progress Software on May 31 of a critical vulnerability affecting MOVEit and took immediate steps to patch its MOVEit server, as advised by Progress Software’s instructions.

But by then, Russian-speaking ransomware group Clop had already launched its mass attack campaign around May 27, when it exploited a zero-day vulnerability in MOVEit to steal data being stored on file transfer servers – a hack that has so far affected thousands of organizations worldwide.

On July 26, Arietis’…

Source…

Firm Notifies Patients of 55 Health Practices Hit by MOVEit Hack

/in


Breach Notification
,
Cybercrime
,
Fraud Management & Cybercrime

Anesthesiology, Pain Management, Gastro Practices Affected Across Several States

Marianne Kolbasuk McGee (HealthInfoSec) •
October 4, 2023    

Firm Notifies Patients of 55 Health Practices Hit by MOVEit Hack
Image: NorthStar Anesthesia, Arietis Health

Arietis Health, a revenue cycle management vendor is notifying patients of 55 healthcare practices across several states that their sensitive health and personal information has been potentially compromised in a hack of Progress Software’s MOVEit file transfer application.

See Also: Live Webinar Tomorrow | Cyber Resilience: Recovering from a Ransomware Attack

Fort Meyers, Florida-based Arietis provides billing services to Irving, Texas-based NorthStar Anesthesia, which manages the affected medical practices, which specialize in anesthesia, pain management and related healthcare services.

Arietis in its breach notice said its uses MOVEit file transfer software in the billing services it provides to NorthStar.

Arietis says that it was notified by Progress Software on May 31 of a critical vulnerability affecting MOVEit and took immediate steps to patch its MOVEit server, as advised by Progress Software’s instructions.

But by then, Russian-speaking ransomware group Clop had already launched its mass attack campaign around May 27, when it exploited a zero-day vulnerability in MOVEit to steal data being stored on file transfer servers – a hack that has so far affected thousands of organizations worldwide.

On July 26, Arietis’ investigation into the incident determined that…

Source…

Surge in Hospital Hacks Endangers Patients, Cyber Official Says

/in


BOSTON—A record year for cyberattacks on U.S. hospitals is putting patients in danger, as hospitals struggle to cope with disabled equipment and frozen data, an official from the American Hospital Association warned Thursday.

Hackers, especially ransomware groups, are routinely taking down medical applications and internet connections, and freezing up patient and operations data, John Riggi, national adviser for cybersecurity and risk at the AHA, said, speaking at a meeting of the Healthcare Information and Management Systems Society. 

“Email and phones go down. Backup computers generally don’t work or have only about three days of data on them,” Riggi said. “We have seen this consistently,” he told the audience of healthcare technology and cyber leaders. 

Healthcare companies, including well-known national hospital operators, continue to be battered by hackers. Services remain disrupted at hospitals owned by private-equity firm Prospect Medical Holdings since a cyber incident in early August. Prospect didn’t immediately respond to a request for comment. 

Scripps Health, a large San Diego-based care provider, sent some patients to two emergency departments at two area hospitals when it was hit with ransomware in 2021. The move caused care delays and increased patient wait times at those facilities, a study in the Journal of the American Medical Association showed. 

Since January, the medical data of more than 61 million people has been stolen or exposed in more than 400 cyberattacks, according to statistics from the U.S. Department of Health and Human Services. This vastly outpaces activity in 2022 and 2021

The average number of patients affected in a hack is 180,000, tripling in the past three years, Riggi said. Most of the data is stolen from network servers and email accounts, as opposed to electronic medical records, he said, which indicates hospitals aren’t taking care to encrypt most of the information. 

That these attacks also disable radiology, scanning and other equipment used to diagnose strokes and treat…

Source…

Florida patients among victims of spate of data hacking

/in


TAMPA — A criminal group now being pursued by the FBI had access to Tampa General Hospital’s computer system for three weeks.

Its attempt to encrypt and ransom the hospital’s data — which could have significantly impeded care of patients — was thwarted by internal security measures. Nonetheless, hackers were still able to download personal data on 1.2 million patients.

The crime is among a spate of recent data breaches affecting Florida patients. HCA Healthcare in July reported that an unauthorized user stole data on about 11 million patients in 20 states, including Florida, and posted it on an online forum. And this week, Johns Hopkins Health System, which runs All Children’s Hospital in St. Petersburg, reported the theft of personal information on 310,000 patients, including almost 10,000 from Florida.

Nationwide, more than 50 million patient records were compromised in 2022, according to analysis by cybersecurity firm Critical Insight. The records of more than 3.4 million Florida patient have been compromised this year and 36 data breaches are still under investigation, according to the Department of Health and Human Services, suggesting that health care firms will continue to remain a favorite target of hackers.

The health care sector is perceived as being more vulnerable than those in the finance, defense or aerospace sectors, said Joe Partlow, chief technology officer at ReliaQuest, a firm that provides computer security guidance to banks, utility companies and health care providers among others. Finance firms tend to invest more in security measures, in part because of regulations, he said. Health data also typically includes Social Security numbers and insurance details prized by hackers.

”They are a good target,” he said. “They know it’s a good trove of personal data.”

The damage is not just to patient confidentiality. The average cost of a health care breach rose to $11 million this year, a 53% increase since 2020, according to an IBM report.

Phishing emails that entice employees to enter log-ons and passwords are still the primary means used by hackers to gain access to computer systems, Partlow said.

Once they have broken in, one tactic is…

Source…