Arietis Health Notifies 54 Entities About Exposure of Patient Data
It has been more than 5 months since the Clop group mass exploited a zero-day vulnerability in the MOVEit Transfer file transfer solution, and victims of the attacks are still coming to light. Aretis Health LLC is a provider of billing services to NorthStar Anesthesia, which provides anesthesia and pain management services to entities across the United States. Arietis Health said its MOVEit Transfer software was hacked, and its investigation revealed on July 26, 2023, that the Clop group may have acquired the data of patients of 54 entities served by NorthStar Anesthesia. Aretis Health notified NorthStar Anesthesia about the breach on August 3, 2023, and now that the affected files have been reviewed, Aretis Health can mail individual notification letters.
The information compromised in the attack included patient names, dates of birth, driver’s license or other state identification card numbers, addresses, Social Security numbers, medical record numbers, patient account numbers, health insurance information, diagnosis and treatment information, clinical and prescription information, and/or provider information.
The HHS’ Office for Civil Rights breach portal indicates 1,975,066 individuals have been affected.
| AmSol Physicians of Elkin, NC, PLLC | Gastro South Anesthesia, LLC | NorthStar Anesthesia III, PA | NorthStar Anesthesia of Michigan, LLC | NorthStar Anesthesia of Virginia, LLC | Professional Anesthesia Group, LLC |
| Anesthesia Company of Houston, PLLC | Gastroenterology Consultants of Augusta, PC | NorthStar Anesthesia of Delaware, LLC | NorthStar Anesthesia of Mississippi, LLC | NorthStar Anesthesia of West Virginia, PLLC | Professional Anesthesia Services of Kentucky, PLLC |
| Anesthesia Resources Management Solutions, Inc | GI Associates of West Alabama, PC | NorthStar Anesthesia of Illinois, LLC | NorthStar Anesthesia of Missouri, LLC | NorthStar Anesthesia, PA | River Cities Anesthesia, LLC |
| Coronado Anesthesia, PLLC | KBS Anesthesia, Inc | NorthStar Anesthesia of Indiana II, LLC | NorthStar Anesthesia of Montana, PLLC | NSA Pain Services of Michigan III, PLLC | Riverside Anesthesia Services, LLC |
| Digestive Health Specialists of SE | Lehigh Anesthesia Associates, PC | NorthStar Anesthesia of Indiana, LLC | Northstar Anesthesia of Nebraska, PLLC | NSA Pain Services of Michigan, PLLC | Sarasota Anesthesia Services, LLC |
| Dupont Anesthesia, PSC | Northeast Gastroenterolgy Center, Inc | NorthStar Anesthesia of Kansas, LLC | NorthStar Anesthesia of Ohio, LLC | Nurse Anesthesia of North Carolina, PLLC | Sentry Anesthesia Management, LLC |
| Epix Anesthesia of Alabama, LLC | Northern Tier Gastroenterology, Inc | NorthStar Anesthesia of Kentucky, PLLC | NorthStar Anesthesia of Oklahoma, PLLC | Orange City Anesthesia Services, LLC | Southwest Ohio Anesthesia Consultants, LLC |
| Epix Anesthesia of Tennessee, PLLC | Northern Virginia Surgery Center Anesthesia, LLC | NorthStar Anesthesia of Michigan II, PC | NorthStar Anesthesia of Pennsylvania, LLC | PhySynergy, LLC AL | Space Coast Anesthesia, LLC |
| Epix Medical Services of Houston, PLLC | NorthStar Anesthesia II, PA | NorthStar Anesthesia of Michigan III, PLLC | NorthStar Anesthesia of Tennessee, PLLC | PhySynergy, LLC TN | Sunset Anesthesia, LLC |
Colorado Department of Health Care Policy & Financing Provides Update on MOVEit Hack
Colorado Department of Health Care Policy & Financing (HCPF) has provided an update on a cyberattack that was first reported in August this year. The incident involved an exploit of the zero-day flaw in Progress Software’s MOVEit file transfer application, which was used by its vendor, IBM, for business operations. IBM confirmed that the flaw had been exploited on May 28, 2023, and the files obtained in the attack included the protected health information of Health First Colorado and CHP+ members. The breached information included full names, business mailing addresses, business phone numbers, and Social Security numbers.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
While the incident is still under investigation, it has now been determined that an unauthorized individual may have accessed or acquired provider information in the incident, including names and Social Security numbers, if the latter were used as tax identification numbers. The additional affected individuals started to be notified on October 3, 2023. Complimentary credit monitoring and identity restoration services have been offered to the affected individuals.
HCPF has confirmed that up to 4,187,732 individuals had their information exposed, and potentially stolen, in the attack.
Mount Graham Regional Medical Center Investigating Cyberattack
Mount Graham Regional Medical Center in Safford, AZ, is investigating a cyberattack on its network, which has affected its information and communications systems. In a press release issued on Friday, the medical center confirmed that it is investigating to determine the extent of the incident and whether patient data was compromised.
A spokesperson for the medical center confirmed that law enforcement has been notified and outside experts have been engaged to assist with the investigation. Should it be determined that patient data has been exposed or compromised, notification letters will be mailed as soon as possible.
