Five Healthcare Victims of Ransomware Attacks

There is a growing trend in breach notifications that do not disclose the exact nature of a cyberattack and whether patient data was stolen. The inability to give this data makes it hard for data breach victims to evaluate the degree of risk they are confronted with. That seems to be what happened with the first two cyberattacks. Both did not mention the ransomware or affirm the data theft that took place.

Albany ENT & Allergy Services Ransomware Attack

In early May 2023, the ransomware groups RansomHouse and BianLian put Albany ENT & Allergy Services (AENT) on their data leak websites, and claimed the theft of 1TB of data from its network prior to file encryption. Proof of data theft was posted on the data leak site of RansomHouse.

Albany ENT & Allergy Services has already stated in its notification letter sent to the Maine Attorney General that unauthorized persons acquired access to its system, which stored the protected health information (PHI) of 224,486 persons, which include 61 Maine locals. AENT mentioned in the letters the detection of suspicious activity in its computer system on March 27, 2023. It conducted a third-party forensic investigation to find out the nature and extent of the data breach. AENT mentioned it confirmed the unauthorized access of an individual to select systems that saved personal data and PHI from March 23, 2023 to April 4, 2023. An analysis of those files affirmed they included employee and patient data like names and Social Security numbers.

AENT began sending notifications to affected persons on March 25, 2023 and offered A year of free credit monitoring services. Because it seems there was data theft according to the statements of the ransomware groups, impacted persons must make sure they make the most of those free services. AENT stated it is going over its guidelines and procedures, will give extra training to its staff, and will be carrying out extra safety measures to further protect data in its systems.

Vascular Center of Intervention, Inc. Ransomware Attack

Surgical Center Vascular Center of Intervention, Inc. (VCI) based in Fresno, CA recently informed patients concerning a security breach discovered on March 29, 2023. As per the notification letters, the forensic investigation of strange network activity established that an unauthorized person might have duplicated or accessed selected documents kept inside VCI’s environment from February 25, 2023 to March 29, 2023.

The analysis of the files was finished on May 17, 2023, and mentioned that names were affected together with at least one of the following: medical background, mental or physical ailment, or medical treatment or examination by a health care expert, birth date, medical insurance details, Driver’s license and/or Social Security Number data. VCI stated current safety measures were improved to further boost security. It sent a notification to the California Attorney General that reveals California locals at least will be offered one year of free identity theft protection and credit monitoring services.

The notification letters did not mention that the BianLian group professed accountability for the attack. The group stated on its data leak website that it extracted 200 GB of information from its systems. The BianLian group performs ransomware attacks, though this year has mostly turned to extortion-only cyberattacks.

It is presently uncertain how many persons were impacted.

Ohio Business Associate Encounters Ransomware Attack

Marshall Information Services (also known as Primary Solutions Inc.) issues notification letters that offer more information. This billing solutions provider to healthcare companies based in Ohio lately informed 7,456 people of having encountered a ransomware attack in August 2022 that blocked access to its systems. It was confirmed by its forensic investigation that the attackers got access to areas of the system that comprised files with the PHI of a number of its covered entity customers, and those files were potentially accessed or obtained during the attack.

The notices state that the files included first and last names together with a few or all of these data elements: address, birth date, Social Security number, medical data like diagnosis, ailment, or treatment, Medicare or Medicaid number, medical record number, individual medical insurance policy number, and in limited instances, payment card details.

A third-party provider examined all the impacted files to determine the affected persons and that evaluation established on February 22, 2023, that PHI was compromised. It is uncertain why that procedure took such a long time. Every covered entity was subsequently informed, and Primary Solutions stated it then caused those clients to inform the impacted persons. Primary Solutions stated free credit monitoring and identity restoration services are being provided via IDX, and it advises affected persons to sign up for these services.

After the incident, Primary Solutions made certain to implement multifactor authentication for remote access, updated configurations to make certain employees access systems using a virtual private network (VPN) that have multifactor authentication and implement a new endpoint detection and response (EDR) solution.

Theft of 2.5 M Individuals’ Clinical Test Data in Enzo-Biochem Ransomware Attack

The biotech and diagnostics firm, Enzo Biochem, based in Farmingdale, NY recently stated in an 8-K filing with the Securities and Exchange Commission about the compromise of the clinical test data of 2.470,000 patients in a ransomware attack that occurred in n April 6, 2023. Enzo Biochem mentioned it took immediate action to secure its system once the breach was discovered. Although the incident disrupted business procedures, all of its services continued to be available to patients and partners.

Enzo Biochem offers treatment options for cancer, infectious and metabolic diseases, and screening services for various transmissible illnesses like STDs and COVID-19. On April 11, 2023, Enzo Biochem confirmed the access to information associated with those services, and its exfiltration in certain instances. The stolen information included names, testing data, and Social Security numbers for around 600,000 individuals. Enzo Biochem is looking into the incident to find out whether employee data was likewise exposed.

Enzo Biochem stated it has incurred and may still incur costs associated with the incident and is analyzing the overall financial effect of the ransomware attack. The company has affirmed that impacted persons will receive a mail about whether their data was deleted and the incident is going to be reported to proper regulatory agencies.

Medford Radiology Group Cyberattack During Memorial Day Weekend

Medford Radiology Group located in Oregon is still recovering from a cyberattack that happened during the Memorial Day weekend. The cyberattack took place on the morning of May 26, 2023. Access to medical images was blocked. The attack investigation is in progress to find out the nature and extent of the breach and the degree of compromise of patient data. Medford Radiology Group stated this was a major cybersecurity attack.

Third-party cybersecurity specialists are looking into the breach and are helping the Group’s support services. All accessible resources are being utilized to provide radiology services and patient care. Although the investigation continues to be in the first stages, Medford Radiology is convinced the incident was restricted to its internal programs and there is no impact on its outside partners.

 

Author: Joe Murray

Joe Murray is the Editor-in-Chief of HIPAA 101, where he leads the writing team in delivering high-quality news and insights on HIPAA regulations. With over 15 years of experience in healthcare journalism, Joe has established himself as a trusted writer. At HIPAA 101, Joe is dedicated to providing healthcare professionals and administrative staff with accurate, timely, and comprehensive information to help them navigate the complexities of HIPAA.