The Hive ransomware risk group claims to have stolen 550 GB of knowledge from Consulate Health Care. The actors’ darkish net posting appeared across the similar time a discover was posted on the Consulate web site that warned sufferers of potential entry to their information.

Consulate Health owns 140 nursing properties throughout the nation and in addition gives different senior care companies. A STAT report from August exhibits the corporate has been coping with monetary points in recent times, together with submitting for chapter at six of its care websites.

The scale of the group could have widespread information impacts, however the variety of sufferers has not but been listed on the Division of Health and Human Companies breach reporting instrument. Consulate Health has additionally not confirmed whether or not the seller incident is tied to the Hive posting.

At present, they’ve decided that certainly one of Consulate’s distributors skilled a “safety incident” in early December. Risk actors focused parts of the community, prompting incident response plans and an investigation to find out the scope. The evaluation affirm the risk actors could have accessed data containing private info.

The investigation into the incident is ongoing, however Consulate Health issued its discover in an effort of transparency. The supplier intends to inform sufferers as quickly as they’ve decided whether or not their info was contained within the recordsdata accessed by the actors. For now, sufferers are being urged to “stay vigilant”  and monitor for unauthorized exercise.

Consulate Health is “in common contact with our vendor, and we’re intently monitoring the investigation, as they work to finalize the investigation as quickly as attainable.” in accordance with the discover.

Disruptions proceed at CentraState HealthCare after cyberattack

CentraState is constant to face community points after falling sufferer to an obvious cyberattack, first launched through the morning hours of Dec. 30. 

An replace posted final week exhibits 4 departments are nonetheless going through care disruptions after the assault. No walk-ins are being accommodated at its outpatient radiology. As a substitute sufferers are being despatched to a care accomplice website. Just one lab seems to be holding routine appointments and walk-ins, and sufferers are being requested to name forward for appointments at different labs.

As beforehand reported, the hospital’s CEO confirmed the supplier group was coping with technical points stemming from an IT safety situation, which prompted care diversion processes and different appointment delays and cancellations.

The impacted websites are working underneath digital well being document downtime procedures with paper processes, which has allowed for affected person care to proceed with none hostile results.

Sufferers are nonetheless being urged to contact 911 for emergencies, because it continues to reply to the safety points and repair impacts. Nevertheless, officers say their “excessive requirements of affected person care stay in place, and our emergency division continues to operate at close to full functionality with some restricted exceptions.”

After ransomware assault on MedStar Cell, 612K notified of knowledge breach

The information of 612,000 sufferers was probably compromised after a ransomware assault on MedStar Cell Healthcare in October. MedStar Cell is an ambulance service supplier for 15 cities in Tarrant County, Texas.

Deployed on Oct. 20, 2022, community system points prompted an investigation that found a risk actor accessed a restricted location within the community. Numerous affected person recordsdata have been saved within the impacted system, however MedStar Cell was unable to substantiate whether or not these recordsdata have been really accessed by the attacker.

The compromised information concerned sufferers who acquired care from the ambulance service supplier, and for a lot of, solely non-financial billing info was impacted. For a smaller variety of people, names, dates of delivery, contact particulars, remedy info, and different identifiers have been uncovered.

MedStar Cell defined its beforehand applied safety measures enabled immediate motion in opposition to the assault and in addition diminished the proliferation of the assault. With assist from a third-party agency, the supplier is working to bolster its programs and information safety.

271K Avem Health sufferers knowledgeable of Might information breach

Roughly 271,000 Avem Health Companions sufferers are studying {that a} “information safety incident” at a knowledge storage vendor, 365 Information Facilities, presumably compromised their protected well being info. Avem is an administrative and expertise service supplier.

It’s unclear when Avem was notified of the incident, however 365 Information Heart confirmed that information saved on their servers was probably subjected to entry by a risk actor throughout an incident in mid-Might. As HHS just lately reminded suppliers, information breaches are to be reported with out undue delay and inside 60 days of discovery. 

The delay was presumably tied to a evaluate of the recordsdata saved on the impacted servers, as per its breach discover. The evaluate discovered that the compromised info included names, dates of delivery, Social Safety numbers, driver’s licenses, medical insurance particulars, diagnoses, and remedy info.

Sufferers whose driver’s licenses or SSNs have been compromised are being supplied credit score monitoring and identification theft safety companies. 

The incident didn’t straight have an effect on Avem programs. Avem is at present analyzing its vendor relationships and the safety measures of their related companions.

Fitzgibbon Hospital informing sufferers of June 2022 breach

A community hack on June 6, 2022, at Fitzgibbon Hospital in Missouri led to the attainable entry or acquisition of protected well being info for 112,072 sufferers. However sufferers weren’t notified of the incident and information impacts till January 2023.

The discover seems to attribute the delay to solely discovering the attainable information compromise on Dec. 1. It stays to be seen how the delay will probably be considered by HHS.

An investigation was launched in June with assist from a third-party cybersecurity group, which is ongoing. The response group has confirmed private and well being information have been accessed and stolen “in reference to the incident.”

The stolen information various by particular person and will embody SSNs, driver’s licenses, monetary account numbers, medical insurance particulars, and/or medical info. Not all Fitzgibbon Hospital sufferers have been impacted by the community hack. Sufferers with compromised SSNs will obtain free credit score monitoring companies.

Sufferers studying of Maternal & Household Health April 2022 information breach 

Maternal & Household Health Companies (MFHS) just lately started notifying an undisclosed variety of sufferers that their information was accessed throughout a ransomware assault in April 2022, turning into the third supplier to fail to well timed report a PHI incident this month.

Upon discovering the assault on April 4, MFHS engaged a third-party forensic incident response agency for assist with securing their programs and to conduct a forensics investigation. The group discovered that whereas the incident was found in April, the attackers had entry to the system for eight months — starting in August 2021.

The forensics confirmed affected person information was accessed through the incident, together with contact particulars, dates of delivery, SSNs, driver’s licenses, monetary account/fee card info, usernames and passwords, medical information, and/or medical insurance info.