Cyberattacks Impact Allegheny County, Sutter Senior Care, Maximus Inc. and Prospect Medical Holdings

Sutter Senior Care and Allegheny County Have Data Exposed in the Hacking of MOVEit Transfer

Allegheny County, Pennsylvania, has recently reported that the protected health information (PHI) of up to 689,686 persons was compromised in a hacking incident by the Clop threat group in May 2023. Allegheny County was notified about the attack on June 1, 2023. It was confirmed that the group extracted files containing sensitive information from May 28 to May 29, 2023. Allegheny County stated that it received word from the Clop group that the stolen data had been deleted, in line with the group’s policy of only targeting and extorting money from enterprises; nevertheless, impacted persons were advised to take steps to secure their personal data and to sign up for the free credit monitoring and identity theft protection services that were provided.

County officials confirmed that the breached data contained names, dates of birth, Social Security numbers, driver’s license/state ID numbers, taxpayer ID numbers, student ID numbers, and, for certain persons, medical data such as diagnoses, treatment data, and dates of admission, as well as medical insurance and billing/claims details.

Nonprofit health plan Sutter SeniorCare PACE, located in Sacramento, CA, has also recently reported that it was impacted and that plan members’ data were compromised in the attacks. Cognisight, LLC, a business associate and specialist healthcare management services provider, used the file transfer solution. Cognisight was notified of the hacking incident on May 31, 2023, and the forensic investigation of the attack was completed on June 5, 2023. Sutter Senior Care was notified of the attack on July 12, 2023.

The data stolen in the attack contained names, birth dates, Social Security numbers, and medical data including patient ID numbers and diagnosis, treatment, and provider details. Credit monitoring and identity protection services were provided to the impacted persons. The breach is not yet posted on the HHS’ Office for Civil Rights breach website, so the number of affected individuals is currently uncertain.

Approximately 11 Million Health Records Affected in a Government Contractor Cyberattack

Maximus Inc., a government services contracting firm based in Reston, VA, has reported in a Securities and Exchange Commission (SEC) filing that threat actors exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer solution to access the PHI of 8 to 11 million people in May 2023. The Clop ransomware group claimed responsibility for the attack, and Maximus was among the entities impacted by the Clop group’s mass attack.

According to the filing, Maximus used MOVEit Transfer for its external and internal file sharing, as well as for sharing information with government clients that take part in various government services. After Progress Software sent a notification about the vulnerability and data breach, Maximus started a forensic investigation and an analysis of the impacted files. The investigation is still in progress, but Maximus has already confirmed that the affected files include PHI. Maximus stated that it cannot report the exact number of individuals impacted until the review process is done, and that it expects the process to take a few more weeks.

Maximus has informed the impacted clients and will notify all impacted persons when the analysis ends. Impacted persons will be provided with free credit monitoring and identity theft protection services for two years. Maximus has reported expenses associated with the data breach of $15 million for the second quarter of 2023.

The Department of Health and Human Services Centers for Medicare and Medicaid Services (CMS) has announced that the PHI of around 612,000 current Medicare recipients was compromised in this incident and that about 645,000 persons in total were affected. The CMS stated that it is cooperating with Maximus to notify the impacted persons. The CMS stated that the stolen information contains names, birth dates, mailing addresses, phone numbers, email addresses, taxpayer ID numbers/Social Security numbers, Medicare beneficiary numbers, state ID numbers, driver’s license numbers, medical insurance data, claims data, health benefits and enrollment details, and medical histories, which consist of notes, health records/account numbers, ailments, diagnoses, photos, treatment data, and dates of service.

58,000 Persons Impacted by Synergy Healthcare Services Cyberattack

Synergy Healthcare Services (SHS), based in Atlanta, GA, recently reported a data breach to the Maine Attorney General that has impacted around 58,034 patients of its healthcare customers: Raydiant Health Care, Consulate Health Care, and Independence Living Centers, together with their affiliated care centers.

The administrative service provider stated that it detected suspicious activity within its system at the beginning of December 2022. On December 15, 2022, the forensic investigation confirmed that a third party had gained unauthorized access to parts of its computer network containing personal health data. A third-party data analyst company checked the files on December 22, 2022, and presented the details of the analysis to SHS on May 16, 2023.

The files included data such as names, dates of birth, signatures, insurance information, contact details, government ID numbers such as Social Security numbers and driver’s licenses, medical background/treatment details, and financial data. Free credit monitoring services were given to the impacted persons. SHS has already taken steps to strengthen security to prevent similar incidents in the future.

Ransomware Attack on Prospect Medical Holdings Impacts Facilities in Several States

Prospect Medical Holdings, a health system based in Los Angeles, CA, operates 17 hospitals and 166 outpatient clinics throughout California, Connecticut, Rhode Island, Pennsylvania, and New Jersey. The health system suffered a ransomware attack that has affected operations throughout its network, including operations at its subsidiaries, the Eastern Connecticut Health Network (ECHN) and Crozer Health.

Prospect Medical Holdings stated that it took immediate steps to stop the ongoing unauthorized access and took several IT systems offline to secure them. Third-party cybersecurity experts investigated and determined the extent of the breach. The company has already reported the ransomware attack to the Federal Bureau of Investigation (FBI), which has started an investigation. The Department of Health and Human Services has provided government support and said it can give assistance, as necessary, to avoid disruption to patient care.

With IT systems unavailable, ambulances were redirected to other hospitals after the attack, and the impacted healthcare facilities followed their emergency downtime protocols and used pen and paper to record patient data. ECHN stated that it decided to temporarily close a few facilities, including diagnostic laboratories, elective surgery, and gastroenterology centers, and that it has stopped outpatient blood drawing, medical imaging, and physical therapy services and is calling patients to rebook consultations.

Efforts to restore its systems and return to normal operations are ongoing. A Prospect Medical Holdings spokesperson said that as the investigation continues, the company is focused on dealing with the urgent needs of patients and working hard to restore normal operations as soon as possible. At this time, the extent to which patient data was exposed has not yet been determined. It is currently unknown which threat group was responsible for the attack.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of the HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. You can follow Elizabeth on Twitter at https://twitter.com/ElizabethHzone