A biweekly summary of cyber issues affecting the healthcare industry, curated with the goal of helping NIHCC members improve their cybersecurity posture.

January 23, 2024

December 2023 Healthcare Data Breach Report


There was no letup in healthcare data breaches as the year drew to a close, with December seeing the second-highest number of data breaches of the year. The Department of Health and Human Services (HHS) Office for Civil Rights received 74 reports of healthcare data breaches of 500 or more records in December, which helped make 2023 a record-breaking year for healthcare data breaches.


https://www.hipaajournal.com/december-2023-healthcare-data-breach-report/




New York AG forces healthcare firm to invest $1.2 million in cybersecurity after ransomware attack


The state of New York is forcing a healthcare provider to invest more than $1.2 million in cybersecurity after a 2021 ransomware attack exposed the sensitive information of more than 250,000 people.


https://therecord.media/new-york-ag-refuah-health-settlement


Cyber attacks are one of the biggest threats facing healthcare systems


Publicly disclosed global cyber security breaches between January and September last year showed that the healthcare sector suffered more attacks (241) than any other sector, ahead of government (147), and information technology including software, hardware and IT services (91), according to research by Omdia, a technology research provider.


https://www.ft.com/content/77d54679-0915-4ce2-a42f-0c2b844da7ef?shareType=nongift


Email threats to patients escalate after Fred Hutch cyberattack


Some patients have started to receive “swatting” threats, in addition to spam emails warning people that unless they pay a fee, their names, Social Security and phone numbers, medical history, lab results and insurance history will be sold to data brokers and on black markets.


https://www.seattletimes.com/seattle-news/health/email-threats-to-patients-escalate-after-fred-hutch-cyberattack/


Hackers Stole $7.5 Million in Federal Money Partly Meant for Poor Communities


Unknown hackers stole $7.5 million from the Department of Health and Human Services last year by breaching a service that the agency uses to distribute federal grants.


https://themessenger.com/news/health-and-human-services-hack-attack-hackers-7-5-million


Exclusive: Cloud Vendor Returns Stolen Hospital Data


A cloud services firm has turned over to a New York hospital alliance the patient data stolen in an August ransomware attack by the notorious LockBit gang. The hospital group - North Star Health Alliance - had filed a lawsuit against LockBit in November as a legal maneuver to force the storage firm to return the patient data the cybercriminals had exfiltrated from the hospitals and stashed on the Massachusetts vendor's servers.


https://www.healthcareinfosecurity.com/exclusive-cloud-vendor-returns-stolen-hospital-data-a-24101


FBI and CISA warn of national security threat posed by Chinese drones


The FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned Wednesday that Chinese-made drones pose a “significant risk” to U.S. critical infrastructure and provided new guidance on how entities can better protect networks from their malicious use.


https://therecord.media/fbi-cisa-warn-of-drone-threat-china


Singing River Health System Notifies 252k Patients of Recent Data Breach


Singing River explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, dates of birth, addresses, Social Security numbers, medical information, and health information.


https://www.jdsupra.com/legalnews/singing-river-health-system-notifies-6934904/


AHA: Rise in Scams Targeting IT Help Desks for Payment Fraud


Threat actors are targeting hospital IT help desks with elaborate social engineering scams to commit payment fraud by using stolen credentials from billing and payments employees, the American Hospital Association warned.


https://www.healthcareinfosecurity.com/aha-rise-in-scams-targeting-help-desks-for-payment-fraud-a-24133


Ransomware gang claims responsibility for Christmas attack on Massachusetts hospital


On Friday, the Money Message ransomware gang claimed it stole 600GB of information from Anna Jaques Hospital (AJH) and said it also has data related to its parent network, Beth Israel Lahey Health. It did not say how much of a ransom it is demanding.


https://therecord.media/ransomware-gang-claims-responsibility-hospital-christmas-attack






This newsletter was made possible by Grant U2REP190572 from the Administration for Strategic Preparedness and Response (ASPR). Its contents are solely the responsibility of the authors and do not necessarily represent the official view of the Department or ASPR. Kootenai Health, 2024.