- UnitedHealth gave update on ransomware attack on its Change Healthcare division:
- Attack was from BlackCat hacking group of Russia
- 86% of payment processing has now been restored
- Advanced more than $6.5 billion to healthcare providers
- 20% of health centers have had over 50% of their revenue impacted by hack
- 51% of physicians have had to dip into their personal savings to manage financial strain
- Paid $22 million in ransom to hackers
- Potentially exposed PHI of 33% of all Americans
- Ascension Health, headquartered in metro St. Louis, Missouri, announced it was hit by ransomware attack from Black Basta hacking group in Russia:
- Shut down its Epic EHR across all facilities in 19 states
- Diverted emergency medical services to competitors
- Affects up to 140 hospitals and 40 senior living facilities
- Moved back to paper forms and dramatic increase in fax machine use
- Palomar Health Medical Group of California notified an unknown number of patients that their PHI may have been exposed after a cyber attack.
- Verizon published data on breaches in healthcare:
- 83% of breaches caused by miscellaneous errors, privilege misuse, and/or system intrusion
- Insider threats remained a top risk and on the rise
- DocGo, also known as Ambulnz, headquartered in New York City, NY, notified an unknown number of patients that had their PHI exposed after cyber attack.
- Bridgeway Center of Fort Walton Beach, FL, notified 36,353 patients that their PHI was exposed after a cyber attack.
- Presbyterian Healthcare, headquartered in Albuquerque, NM agreed to a multi-million dollar settlement after lawsuit was filed claiming negligence after a cyber attack exposed PHI of 183,370 patients.
- Gifted Healthcare, headquartered in Metairie, Louisiana, has offered a multi-million dollar settlement after being hit with lawsuit alleging negligence after a cyber attack exposed the PHI of 13,221 patients.
- Bluebonnet Trails Community Services of Round Rock, TX, notified 76,165 patients that their PHI was exposed after cyber attack.
- Bluegrass Care Navigators, aka Hospice of the Bluegrass of Kentucky, notified 2,282 patients that their PHI was exposed after cyber attack.
- OrthoConnecticut, headquartered in Danbury, CT, notified 118,141 patients that their PHI was exposed after cyber attack.
- Empath Health of Clearwater, FL notified 5,545 patients that their PHI was exposed after cyber attack.
- VIPRE Security published report on email hacking:
- 1 billion malicious emails intercepted in last year
- 52% = content based detections
- 48% = link based detections
- 20 million emails flagged for containing malicious attachments
- 14% of malicious emails were in healthcare vertical
- The Ohio Lottery notified 500,000 customers that their info may have been exposed after DragonForce ransomware attack.
- The City of Wichita in Kansas notified 360,000 citizens that their info may have been exposed after ransomware attack.
- Asimily Security published report on hacking of IoT devices:
- (IoT device category includes connected MFPs)
- Average ransom paid to hackers is now $1.542 million
- 98% of IoT traffic remains unencrypted
- 400% increase in IoT malware YoY
- 55% of customers do NOT require vendors to provide proof of network security
- 56% do not even have an accurate inventory of IoT devices
- Brandywine Realty of Philadelphia, PA, notified an unknown number of customers that their info was exposed after ransomware attack.
- University of Georgia Universities notified 800,000 students that their info may have been exposed after FERPA breach caused by ransomware attack from CI0p hacking group of Russia.