5.1 Million Patients Affected August 2021 Healthcare Breaches

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) publicly posts breaches affecting 500 or more patients to their online breach portal, known as the “HIPAA Wall of Shame.” In August 2021, there were 38 breaches posted on the portal, affecting 5,120,289 patients. August 2021 healthcare breaches predominantly consisted of hacking incidents affecting healthcare providers, with 4,656,453 patients affected by hacking incidents [...]

2023-07-27T16:37:02-04:00September 14th, 2021|

Third-Party Causes Kroger Pharmacy Breach

The influx of third-party breaches should be of concern for any organization working in healthcare. Hackers often target third-party providers to access the sensitive data that they manage for their clients. This fact is evident by the recently announced Kroger pharmacy breach which stemmed from a vulnerability in their file transfer provider, Accellion. More details about the Kroger pharmacy breach are discussed. What We Know About the Accellion [...]

2023-07-28T14:18:09-04:00February 23rd, 2021|

Thousands of Patient Files Posted to the Dark Web

On February 5, 2021, tens of thousand of healthcare patient files from Leon Medical Centers and Nocona General Hospitals were posted for sale on the dark web during a cyberattack. More details about this cyber ransomware healthcare attack are discussed below.  Patient Files for Sale When hackers access the networks of healthcare organizations through cyber ransomware attacks, the hackers often exfiltrate the organization’s [...]

2023-07-31T12:01:15-04:00February 8th, 2021|

10 Largest 2020 Healthcare Breaches

2020 saw record-breaking healthcare breaches with some of the largest recorded breaches in history. Several of these breaches occurred due to healthcare hacks and ransomware incidents, leading the FBI and HHS to issue a warning in October to healthcare organizations against the persistent threat. 10 of the largest 2020 healthcare breaches are discussed below. 2020 Healthcare Breaches and Cybersecurity Incidents The majority [...]

2023-07-31T13:49:10-04:00January 4th, 2021|

What to Do and How to Prevent Ransomware Attacks

Ransomware attacks are the most common type of malware incident in the healthcare industry, with 85% of all malware incidents classified as ransomware. A ransomware attack occurs when a hacker gains access to an organization's network rendering data unusable until a sum of money is paid. In many cases, hackers maliciously encrypt the organization's files so that patient files cannot be accessed. For covered entities, the inability to [...]

2023-08-01T11:25:00-04:00March 2nd, 2020|

FBI Ransomware Guidance Issued

In early October of 2019, the Department of Justice issued FBI Ransomware Guidance. The FBI Ransomware Guidance is a public service announcement that contains updated information about the ransomware threat. This FBI Ransomware Guidance updates and is a companion to to Ransomware PSA I-091516-PSA posted on www.ic3.gov in 2016. What is Included in Latest FBI Ransomware Guidance? The FBI Ransomware Guidance begins with the definition [...]

2023-08-07T11:32:58-04:00December 23rd, 2019|

What is the Ryuk Ransomware Decryptor Bug?

In 2019 alone, at least 3 managed service providers (MSPs) have been attacked by Ryuk ransomware. A Russian-based eCrime group that calls itself “WIZARD SPIDER” has been operating the Ryuk ransomware since August 2018. This group has directed its attacks toward large, enterprise organizations in the hopes of receiving a large ransom sum. Victims of Ryuk ransomware have been using a decryptor to recover their [...]

2023-08-07T11:47:35-04:00December 12th, 2019|

 HIPAA Business Email Compromise 

A cyberthreat known as business email compromise has caused businesses, religious institutions, educational institutions, non-profits, and other companies, to lose billions of dollars since the FBI first began tracking the threat in 2013. Business email compromise (BEC) - also known as CEO impersonation - is a favorite crime of Internet con artists because the practice relies on what any con operation requires for success: deception. These criminals target [...]

2023-08-07T11:49:03-04:00December 10th, 2019|

Average Ransomware Payment Amount Increases in 2019

Ransomware is a significant cybersecurity threat to healthcare organizations. Both the volume of ransomware attacks and the average ransomware payment amount have increased between December of 2018 to Q3 of 2019.  What is a Ransomware Payment? Ransomware is a form of malware that encrypts files on a victim’s computer or server, making them unusable. Cybercriminals demand a ransom in exchange for providing a key to [...]

2023-08-07T11:59:20-04:00November 22nd, 2019|

What is the Emotet Trojan?

What is the Emotet Trojan? The Emotet Trojan is malware that first emerged about five years ago, as a banking trojan. Since that time, the trojan has evolved. Today, Emotet can be found in combination with other banking trojans, information stealers, email harvesters, self-propagation mechanisms, and ransomware.  What are the Dangers of Emotet? Covered entities and business associates may be at risk of an Emotet [...]

2023-08-07T14:54:42-04:00October 11th, 2019|