AvosLocker Claims Credit for Christus Health Ransomware Attack
May17

AvosLocker Claims Credit for Christus Health Ransomware Attack

The Irving, TX-based nonprofit health system, Christus Health, which operates more than 600 healthcare facilities in Texas, Arkansas, Louisiana, and New Mexico, has announced it has recently identified suspicious activity in its computer systems and blocked an attempted cyberattack. The prompt action taken by the Christus IT team severely limited the scope of the attack and prevented the incident from impacting its patient care and clinical operations. Christus Health said it is working with third-party cybersecurity experts to investigate and determine the extent of the security breach. A relatively new ransomware threat group called AvosLocker has claimed credit for the attack. AvosLocker operates under the ransomware-as-a-service (RaaS) model and was first identified in July 2021. The threat group engages in double extortion tactics and is known to exfiltrate data prior to file encryption, then threatens to auction the stolen data if the ransom is not paid. The number of attacks conducted by Avosocker has been steadily growing, with data from Trend Micro indicating at least 30...

Read More
Webinar: May 19, 2022: 6 Secret Ingredients to HIPAA Compliance
May17

Webinar: May 19, 2022: 6 Secret Ingredients to HIPAA Compliance

Achieving and maintaining compliance with all provisions of the Health Insurance Portability and Accountability Act (HIPAA) Rules can be a challenge for healthcare providers, health plans, healthcare clearinghouses, and business associates of HIPAA-covered entities. HIPAA covers a broad range of healthcare organizations and vendors, with vastly different operating environments, business models, policies and procedures, and IT systems. The HIPAA text sets standards for all those organizations to follow but does not provide step-by-step instructions for achieving compliance. Further, there are many aspects of compliance that are not simple, and it is easy to overlook some of the requirements of HIPAA. When HIPAA-regulated entities do achieve compliance, they must implement a program to ensure compliance is maintained. It is important to set up a program that operates efficiently, where employees across the entire organization play a part in ensuring HIPAA compliance is maintained. Sufficient time and resources need to be dedicated to maintaining compliance, without making the process...

Read More
Cyberattacks Reported by Schneck Medical Center, NuLife Med, & FPS Medical Center
May17

Cyberattacks Reported by Schneck Medical Center, NuLife Med, & FPS Medical Center

The Manchester, NH-based medical equipment company, NuLife Med LLC, has recently announced it was the victim of a cyberattack in March 2022. Suspicious network activity was detected on or around March 11, 2022, and steps were immediately taken to prevent further unauthorized network access. An investigation was launched to determine the nature and scope of the attack and to allow its network and systems to be restored. The investigation confirmed that unauthorized individuals had accessed its network between March 9 and March 11, 2022, and potentially viewed and exfiltrated files from its systems. It was not possible to determine which files had been viewed or removed from its systems, nor the exact number of files that had been accessed or exfiltrated. Notification letters have therefore been sent to all individuals potentially affected. The review of the files revealed they mostly contained protected health information such as names, addresses, medical information, and/or health insurance information. A limited number of individuals have also had their Social Security numbers,...

Read More
Refuah Health Center Alerts 260K Patients About May 2021 Cyberattack
May16

Refuah Health Center Alerts 260K Patients About May 2021 Cyberattack

Refuah Health Center in New York has recently started notifying 260,740 patients about a security breach that occurred almost a year ago. According to the April 29, 2022, notification on the healthcare provider’s website, “We recently discovered unauthorized access to our network occurred between May 31, 2021, and June 1, 2021.” Upon discovery of the breach, an investigation was launched to determine the nature and scope of the attack, and a comprehensive review was then conducted of all documents that were potentially accessed. Refuah Health Center said it discovered on March 2, 2022, that the attackers had exfiltrated some files from its network that contained “a limited amount” of patients’ protected health information, including names in combination with one or more of the following data types: Social Security numbers, driver’s license numbers, state identification numbers, dates of birth, bank/financial account information, credit/debit card information, medical treatment/diagnosis information, Medicare/Medicaid numbers, medical record numbers, patient account...

Read More
Cyberattacks Reported by McKenzie Health System & Omnicell
May13

Cyberattacks Reported by McKenzie Health System & Omnicell

McKenzie Health System in Sandusky, MI, has recently started notifying 25,318 patients that some of their protected health information has been stolen in a recent security incident which has caused disruption to the operations of some of its systems. On March 11, 2022, suspicious activity was detected within its IT systems. Steps were immediately taken to secure those systems and a third-party investigator was engaged to determine the nature and scope of the security breach. The investigation determined that an unauthorized individual had gained access to its network and exfiltrated files. The analysis of those files confirmed on April 22, 2022, that they contained patient information such as names, contact information, demographic information, dates of birth, Social Security numbers, diagnosis and treatment information, prescription information, medical record numbers, provider names, dates of service, and/or health insurance information. McKenzie Health System provided information on the steps that affected individuals should take to protect against the misuse of their personal...

Read More