Health

Roundup: Drumbeat of healthcare cyberattacks shows no sign of slowing

As has been the case for, well, years, the past few weeks have seen a steady stream of news about data breaches, ransomware attacks and cybersecurity incidents involving healthcare stakeholders, from hospitals to patient transportation services to public health agencies.

Meanwhile, many months after one of the biggest cyberattacks in recent memory, Change Healthcare – as promised, and as required – has begun sending out breach notifications to millions of Americans. 

Here’s a rundown on some of the most recent headlines.

Patient transport provider hacked

On June 22, DocGo, an ambulatory and remote patient monitoring provider in the U.S. and the U.K., informed Aurora, Colorado-based UCHealth that its Ambulnz patient transport service serving Denver and Colorado Springs medical facilities experienced a cyberattack that may have impacted patients.

It’s the second time in two months that DocGo has been linked to a breach of its third-party patient transportation services.

“This incident did not affect UCHealth’s IT systems or electronic health record,” the health system said on its website Wednesday.

The attack involved unauthorized access that occurred between April 21 and April 22, Ambulnz said in its data security incident notice.

“Through our analysis, we determined that some of those files contain patient information, including names in combination with one or more of the following: dates of birth, addresses, medical record numbers, patient account numbers, health insurance identification numbers, diagnoses and/or treatment information,” the transportation company said in a statement.

A limited number of Ambulnz-transported patients may have had their Social Security numbers and driver’s license numbers exposed in the theft.

Previously on May 7, DocGo filed a notice with the U.S. Securities and Exchange Commission over U.S. patient data breached in a recent cyberattack directly on its IT systems.

Change sends breach notices

On June 20, Change Healthcare began sending customers whose members’ or patients’ data were involved in a notoriously large February data breach that was discovered after a ransomware attack disabled the payments clearinghouse. 

“The information that may have been involved will not be the same for every impacted individual,” the company said in a notice posted to its website

While a breach victim’s health insurance, billing and claims information may have been exposed in the widespread attack, information like medical record numbers, providers, diagnoses, medicines, test results, images, care and treatment plans may also have been included.

“To date, we have not yet seen full medical histories appear in the data review,” Change said. 

Some of those exposed in the Change Healthcare cyberattack could be guarantors who paid bills for healthcare services, the company added.

Formidable in size, the forensic analysis of Change’s operations is yet to be completed, and the company said that additional breach victims may be identified. 

Change posted a substitute notice on its website for its customers so that they may provide information to members and patients, and noted that it does not have addresses for every known victim.

Change has established a dedicated call center for resources and information and is offering trained clinicians to provide callers with support services. 

Individuals can go to Changecybersupport.com for more information and details on these resources or call the toll-free call center at (866) 262-5342, from Monday through Friday, 8 a.m. to 8 p.m. CT, which also includes trained clinicians to provide support services

RansomHub pubs Florida DOH data

With 100 gigabytes of data stolen from its network, the Florida DOH’s employee records, prescription data, screening information and more along with Social Security numbers have been exposed on a Tor-based leak site, Security Week reported Tuesday.

RansomHub began publishing the stolen PII and PHI over the weekend, after the ransomware gang’s July 5 deadline passed, according to the story

The attack also disrupted the agency’s birth and death certificate issuance center. News4JAX reported that, for births after June 28, the department is offering manual processing of birth certificates. For death certificates, a healthcare practitioner’s signature is required, alongside the cause of death and a medical examiner’s signature for issuance.

LockBit attacks CAHl

Security Affairs reported earlier this month that LockBit took responsibility for an attack on a nonprofit critical access hospital provider in Illinois, the 25-bed Fairfield Memorial Hospital.

Fairfield has until July 17 to pay the ransom or watch its stolen data released on the dark web.

Andrea Fox is senior editor of Healthcare IT News.
Email: [email protected]

Healthcare IT News is a HIMSS Media publication.

The HIMSS Healthcare Cybersecurity Forum is scheduled to take place October 31-November 1 in Washington, D.C.

Related Articles

Back to top button