The Clop group mass exploited a zero-day vulnerability present in the MOVEit Transfer file transfer software more than 5 months ago. Until now, attack victims continue to come to light. Billing services provider, Aretis Health LLC, to NorthStar Anesthesia, offers anesthesia and pain management solutions to entities throughout America. Aretis Health reported the hacking of its MOVEit Transfer software program, and an investigation confirmed on July 26, 2023, that the Clop group potentially obtained the information of patients of 54 clients served by NorthStar Anesthesia. Aretis Health informed NorthStar Anesthesia concerning the breach on August 3, 2023, and after the review of the affected files, Aretis Health can send individual notification letters by mail.
The data exposed in the attack contained patient names, addresses, birth dates, Social Security numbers, driver’s license or other state ID card numbers, patient account numbers, medical record numbers, medical insurance data, diagnosis and treatment data, clinical and prescription details, and/or provider data. Aretis Health has submitted the breach report to the HHS’ Office for Civil Rights; nevertheless, it isn’t presently published on the HHS breach site, thus it is still uncertain how many persons were impacted, though there are hundreds of thousands of likely victims from the following healthcare providers.
- AmSol Physicians of Elkin, NC, PLLC
- Gastro South Anesthesia, LLC
- NorthStar Anesthesia III, PA
- NorthStar Anesthesia of Michigan, LLC
- NorthStar Anesthesia of Virginia, LLC
- Anesthesia Company of Houston, PLLC
- Gastroenterology Consultants of Augusta, PC
- NorthStar Anesthesia of Delaware, LLC
- NorthStar Anesthesia of Mississippi, LLC
- NorthStar Anesthesia of West Virginia, PLLC
- Professional Anesthesia Services of Kentucky, PLLC
- Anesthesia Resources Management Solutions, Inc
- NorthStar Anesthesia of Illinois, LLC
- NorthStar Anesthesia of Missouri, LLC
- NorthStar Anesthesia, PA
- River Cities Anesthesia, LLC
- Coronado Anesthesia, PLLC
- KBS Anesthesia, Inc
- NorthStar Anesthesia of Indiana II, LLC
- NorthStar Anesthesia of Montana, PLLC
- NSA Pain Services of Michigan III, PLLC
- Riverside Anesthesia Services, LLC
- Digestive Health Specialists of SE
- Lehigh Anesthesia Associates, PC
- NorthStar Anesthesia of Indiana, LLC
- Northstar Anesthesia of Nebraska, PLLC
- NSA Pain Services of Michigan, PLLC
- Sarasota Anesthesia Services, LLC
- Northeast Gastroenterolgy Center, Inc
- NorthStar Anesthesia of Kansas, LLC
- NorthStar Anesthesia of Ohio, LLC
- Nurse Anesthesia of North Carolina, PLLC
- Sentry Anesthesia Management, LLC
- Epix Anesthesia of Alabama, LLC
- Northern Tier Gastroenterology, Inc
- NorthStar Anesthesia of Kentucky, PLLC
- NorthStar Anesthesia of Oklahoma, PLLC
- Orange City Anesthesia Services, LLC
- Southwest Ohio Anesthesia Consultants, LLC
- Epix Anesthesia of Tennessee, PLLC
- Northern Virginia Surgery Center Anesthesia, LLC
- NorthStar Anesthesia of Michigan II, PC
- NorthStar Anesthesia of Pennsylvania, LLC
- Space Coast Anesthesia, LLC
- Epix Medical Services of Houston, PLLC
- NorthStar Anesthesia II, PA
- NorthStar Anesthesia of Michigan III, PLLC
- NorthStar Anesthesia of Tennessee, PLLC
- PhySynergy, LLC TN
- Sunset Anesthesia, LLC
- Professional Anesthesia Group, LLC
- PhySynergy, LLC AL 53. GI Associates of West Alabama, PC 54. Dupont Anesthesia, PSC
Colorado Department of Health Care Policy & Financing Gives Additional Information on MOVEit Hack
Colorado Department of Health Care Policy & Financing (HCPF) has given additional information on a cyberattack that was initially documented in August 2023. The incident concerned an exploit of the zero-day vulnerability in the MOVEit file transfer program of Progress Software, which IBM, its IT vendor, used for business functions. IBM stated that the vulnerability was exploited on May 28, 2023, and the attacker obtained files with the protected health information (PHI) of Health First Colorado and CHP+ members. The compromised data included complete names, company mailing addresses, company telephone numbers, and Social Security numbers.
Although the incident remains under scrutiny, it has already been confirmed that an unauthorized person could have viewed or obtained provider data in the attack, which includes names and Social Security numbers, in case the latter were employed as tax ID numbers. The additional impacted persons began receiving notifications on October 3, 2023. They were also provided free credit monitoring and identity restoration services.
HCPF has affirmed that around 4,187,732 people had their data compromised, and possibly stolen, during the attack.
Data Breach Impacts 176,200 OrthoAlaska Patients
OrthoAlaska has informed the HHS’ Office for Civil Rights (OCR) concerning a data breach that has impacted 176,203 individuals. Presently, there is not much information about the incident except that it was caused by a hacking/IT incident whereby patient data was compromised or stolen. There is presently no statement posted about the data breach on the website of OrthoAlaska.
The data compromise could possibly be associated with the OrthoAlaska data breach in October 2022 that compromised the data of past workers. In that occurrence, it was confirmed on March 3, 2023, the compromise of employee information, and so OrthoAlaska sent breach notifications on April 3, 2023.
PHI of Physical Therapy Patients in New York Exposed to Cyberattack
The PHI of patients of Physio Logic Medicine, Physio Logic Chiropractic and Physical Therapy, and Dr. Patty DiBlasio were compromised in a cyberattack. On July 31, 2023, upon discovery of the cyberattack, the healthcare providers launched a comprehensive investigation to know the nature and extent of the cyberattack. The investigation showed an unauthorized third party got access to just one server from July 2, 2023 to August 4, 2023. On September 14, 2023, it was confirmed that the attacker potentially accessed PHI, including names, addresses, birth dates, driver’s license numbers, state ID numbers, diagnoses, treatment details, medical health insurance details, and payment card data.
9,580 affected individuals already received breach notifications. The delay in giving notifications was because of the time spent to determine and fill in address details. Extra technical safety measures are being put in place and policies and procedures are being evaluated and will be improved to strengthen data security.