Ransomware Attacks on Six Healthcare Services Providers Including Lutheran Social Services of Illinois

Lutheran Social Services of Illinois located in Des Plaines, IL is one of the state’s biggest social services providers. It has reported the breach of its systems using ransomware for file encryption. The provider discovered the cyberattack on January 27, 2022, and took systems offline to control the ransomware attack. Third-party cybersecurity experts are investigating the data breach to find out the extent of the attack.

Based on the forensic investigation and document analysis, it was confirmed on December 28, 2022 that the attackers accessed its network from December 31, 2021 to January 27, 2022, and possibly viewed or acquired files with protected health information (PHI). It wasn’t possible to rule out data theft, however, during the issuance of notifications, there was no report received that indicates the use of sensitive data for identity theft or scam. The potentially exposed data included names, dates of birth, financial data, Social Security numbers, biometric data, driver’s license numbers, diagnosis and treatment data, and medical insurance details.

The data breach portal of the HHS’ Office for Civil Rights published a breach report submitted by Lutheran Social Services of Illinois on March 25, 2022. There were 1,000 persons affected by the breach. This report was in keeping with the 60-day reporting deadline required by the HIPAA Breach Notification Rule. However, it seems that the report was a placeholder since the total number of victims has not been determined yet. The breach report submitted to the Maine Attorney General showed there were about 184,183 persons affected, which include 9 Maine locals. There was no mention of the reason for the 12 months delay in sending breach notification letters to the victims.

Lutheran Social Services of Illinois offered free Single Bureau credit monitoring services to the affected individuals and took steps to prevent future unauthorized access to personal records.

University of Colorado Hospital Authority Impacted by Third-Party Data Breach

University of Colorado Hospital Authority (UCHealth) just reported a data breach at one of its vendors that affected 48,879 patients. UCHealth avails the business operation tools and hosted services of a software vendor known as Diligent. Diligent lately informed UCHealth that it encountered a software breach that affected the data of patients, providers, and employees. The attacker accessed the software of Diligent and downloaded attachments from the hosted service including UCHelath files. The attack did not impact UCHealth’s internal files, electronic health records, or email.

UCHealth stated the stolen records contained names, addresses, birth dates, and treatment data. The Social Security numbers and/or financial details of a very limited number of persons were also compromised. UCHealth stated that Diligent has applied extra security measures to stop more data breaches.

PharmaCare Services and NextGen Healthcare Patients’ PHI Exposed

EHR and practice management solution providers, such as PharmaCare Services and NextGen Healthcare, are often targeted by cybercriminals to extort money. The two healthcare providers were lately included in the BlackCat ransomware group’s data leak site. The data of NextGen Healthcare patients are no longer posted but the data of PharmaCare Services patients are still there.

When the information was published, either company has not reported the breach yet to the HHS’ Office for Civil Rights. NextGen Healthcare did state that an investigation of the security incident is ongoing, but normal operations is carried on. A company spokesperson said there seems to be no compromise of client data and there is no proof of data theft found.

The BlackCat ransomware gang works as ransomware-as-a-service and has affiliates that perform attacks for the group in exchange for a fraction of the generated ransoms. BlackCat states that its affiliate partners are not allowed to target medical organizations, ambulance services, and hospitals. However, they can attack pharmaceutical companies and private clinics. The HHS has earlier released an advisory regarding BlackCat ransomware, saying that although there seems to be a suspension on attacks on the healthcare industry, some ransomware groups are known for breaking their own rules on attacking healthcare providers.

Ransomware Attack on Livingston Memorial VNA Health Corporation

Hospice services provider Livingston Memorial VNA Health Corporation in Ventura, CA has announced that hackers acquired access to its IT network and employed ransomware for file encryption around February 19, 2022. It was confirmed by the forensic investigators that attackers accessed patient information just before encrypting files. Nevertheless, there was no report received regarding the misuse of data thus far. The breach additionally impacted the patients of its two affiliates – Livingston Caregivers and Livingston Memorial Visiting Nurse Association.

Livingston explained in its notice sent to the California attorney general that the issuance of notifications was delayed because of the long process of verifying the affected individuals. The listing of impacted persons was completed on November 3, 2022. In accordance with the HIPAA, the provider posted a substitute breach notice on its website between May 6, 2022 and August 9, 2022 stating the occurrence of the security breach. All impacted individuals also received free single-bureau credit monitoring services.

In response to the breach, Livingston also significantly enhanced its cybersecurity posture by improving logging and notifications, including additional internal controls and safety measures, increasing the regularity of third-party penetration assessments, and analysis of all security guidelines and firewall policies.

Recovery of Atlantic General Hospital from Alleged Ransomware Attack

Atlantic General Hospital located in Maryland is presently looking into a security incident that caused the outage of selected network areas. A representative of the hospital stated that the ER is still receiving and treating patients. Elective surgical procedures and other outpatient treatments are still carried out, though the hospital portal states the temporary closure of the walk-in outpatient laboratory until further announcement. Disrupted services include RediScripts pharmacy, outpatient imaging, and pulmonary function testing. At this point of the investigation, the extent of patient data exposure is still not confirmed yet.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone