Tag Archive for: pays

Business Associate Victim of Ransomware Attack Pays $100,000 to HHS OCR | Brooks Pierce

Is your organization a business associate? You could be subject to enforcement action if you fail to protect health information within your control from ransomware attacks.  

In October, for the first time, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reached a settlement agreement with a Health Insurance Portability and Accountability Act (HIPAA) business associate that was the victim of a ransomware attack. The business associate paid $100,000 to resolve allegations that it had failed to sufficiently protect the privacy and security of health information within its control.

Doctors’ Management Services (DMS), a medical practice management company that provides services such as medical billing and payor credentialing, acts as a business associate to several covered entities. On April 22, 2019, DMS informed HHS that DMS’s network server had been infected with GandCrab ransomware, affecting the electronic protected health information (e-PHI) of approximately 200,000 individuals. Although the initial intrusion occurred on April 1, 2017, DMS apparently did not detect the intrusion until December of the following year, when the ransomware was used to encrypt DMS’s files.

OCR’s investigation found evidence that DMS had failed to appropriately monitor its health information systems’ activity (for example, through audit logs, access reports and security incident tracking reports) and had failed to implement reasonable and appropriate policies and procedures to comply with the HIPAA Security Rule.

Under the settlement agreement, DMS agreed to pay $100,000 and to submit to a Corrective Action Plan under which DMS must update its Risk Analysis regarding the potential risks to the confidentiality, integrity and availability of e-PHI held by DMS, and provide documentation supporting a review of its current security measures and the level of risk to its e-PHI associated with network segmentation, network infrastructure, vulnerability scanning, logging and alerts and patch management. DMS must also provide workforce HIPAA training (among other things). OCR will monitor DMS for three years to ensure compliance.

In a press release


Stronger ransomware protection finally pays off

60% of companies are ‘very’ to ‘extremely’ concerned about ransomware attacks, according to latest research from Hornetsecurity.


Businesses acknowledge ransomware risk

Hornetsecurity revealed that 92.5% of businesses are aware of ransomware’s potential for negative impact. Still, just 54% of respondents said their leadership is ‘actively involved in conversations and decision-making’ around preventing such attacks. 39.7% said they were happy to ‘leave it to IT to deal with the issue’.

“Our survey is a timely reminder that ransomware protection is key to ongoing success. Organizations cannot afford to become victims – ongoing security awareness training and multi-layered ransomware protection is critical to ensure there are no insurmountable losses,” said Daniel Hofmann, CEO of Hornetsecurity.

Reassuringly, 93.2% of respondents rank ransomware protection as ‘very’ to ‘extremely’ important in terms of IT priorities for their organization, and 87.8% of respondents confirmed they have a disaster recovery plan in place for a ransomware attack.

However, that leaves 12.2% of organizations without a disaster recovery plan. Of those companies, more than half cited a ‘lack of resources or time’ as the primary reason. Additionally, one-third of respondents said a disaster recovery plan is ‘not considered a priority by management’.

Organizations urged to stay alert as ransomware evolves

Since 2021, Hornetsecurity has found relatively small changes in the percentage of respondents saying their organizations have fallen victim to a ransomware attack: 21.1% in 2021, 23.9% in 2022, but a new low of 19.7% in 2023.

Additionally, companies that reported paying a ransom are down from 9.1% in 2021 to 6.9% in 2023.

Some of the data in this survey show positive results, with most respondents reporting they understand the importance of protection, and a drop in ransomware attack victims in 2023, showing companies are becoming more vigilant in their data protection.

However, ransomware attacks continue to evolve, so organizations must maintain this vigilance. In 2023, 81% of respondents reported they are receiving end-user training in comparison to 2021,…


Alberta dental firm pays ransomware gang after attack

Nearly 1.5 million Albertans’ personal information was recently compromised in a dental data breach, as Alberta Dental Service Corporation of Canada announced that it was hacked on July 26, with the attacker encrypting some of its IT systems and data, SiliconAngle reports.

Lyle Best, corporate president of ADSC, said that the organization’s cyber insurance provider and forensic investigator were immediately engaged and paid the 8base ransomware gang an undisclosed amount of money after the hackers showed they had deleted the data they stole in the attack. The group uses encryption paired with “name and shame” techniques to pressure its victims into paying ransoms.

“This breach underscores the critical need for robust security measures in the healthcare sector. Patients’ personal information must be safeguarded with the utmost vigilance, as the consequences of such incidents extend far beyond the immediate breach,” said Erfan Shadabi, a cybersecurity expert with data security specialists comforte AG.


Canadian dental service pays ransom in 8base ransomware attack

A Canadian provincial government body tasked with providing dental services has paid a ransomware demand after having data stolen in an 8base ransomware attack.

The Alberta Dental Service Corp. said Aug. 10 that it detected the ransomware attack on July 26, when the body discovered that certain data pertaining to public dental benefits programs it administers was implicated in a recent cybersecurity incident. ADSC took measures to prevent unauthorized access and hired a third-party forensic firm. The corporation was also able to recover affected systems and data from backups with minimal loss.

It’s believed that the data of approximately 1.47 million individuals was compromised, including, in a small number of cases, personal banking information; those whose banking information was stolen are being offered complimentary credit monitoring services.

So far, the story sounds like a standard ransomware attack where the victim was fortunate to have proper backups and was able to restore service promptly, but then it gets interesting, since ADSC paid the ransom demanded by 8base.

IT World Canada reported that corporate president Lyle Best said in an interview on Friday that a payment was made as part of negotiations between the organization’s cyber insurance provider and forensic investigator. The 8base gang then showed proof the data was deleted as part of the deal.

The amount of the ransom paid was not disclosed. 8base has been active since March 2022 and uses a combination of encryption and “name-and-shame” tactics to force victims to pay a ransom.

According to a report issued by researchers from VMware Inc. in June, the gang’s operations have similarities to previous ransomware campaigns, suggesting a level of sophistication and experience despite the group’s recent emergence on the ransomware and hacking scene. Typical of most leading ransomware groups in 2023, 8Base operates a leak site where it discloses information about its victims and uses intimidation tactics to pressure victims into paying a ransom.

“This breach underscores the critical need for robust security measures in the healthcare sector,” Erfan Shadabi, a cybersecurity expert with data…
