PHI of up to 50,000 Patients of Arizona Asthma and Allergy Institute Exposed Online
Arizona Asthma and Allergy Institute in Peoria, AZ has discovered the protected health information of up to 50,000 patients has been temporarily exposed online and could potentially have been accessed by an unauthorized individual. The affected patient data had been exposed for a brief period in September 2020 under the name of a different organization. Upon discovery of the security incident, a third-party computer forensics firm was engaged to investigate and determine the scope of the security breach and the extent to which patient data had been affected. The investigation confirmed on March 8, 2021 that the types of data exposed included first and last names, patient identification numbers, provider names, health insurance information, and treatment cost information. Affected patients had received medical services from the Arizona Asthma and Allergy Institute between October 1, 215 and June 15, 2020. While the exposure of data was confirmed, no evidence was found to indicate any patient data has been misused; however, affected patients have been advised to monitor their...
Ransomware Gangs Adopt Triple Extortion Tactics
Following on from the DarkSide ransomware attack on Colonial Pipeline, several ransomware threat actors have ceased activity or have implemented rules that their affiliates must follow, including banning all attacks on critical infrastructure firms, healthcare organizations, and government organizations. Some popular hacking forums are distancing themselves from ransomware and have banned ransomware groups from advertising their RaaS programs. However, there are many threat actors conducting attacks and not all are curbing their activities. It remains to be seen whether there will be any reduction in attacks, even in the short term. So far in 2021, attacks have been occurring at record levels, with the healthcare and utility sectors the most targeted. An analysis of attacks by Check Point Research found that since the start of April 2021, ransomware attacks have been occurring at a rate of around 1,000 per week, with a 21% increase in impacted organizations in the first trimester of 2021 and 7% more in April. The number of attacked organizations is up 102% from the corresponding...
UHS Data Breach Lawsuit Allowed to Proceed but only for Patient Whose Surgery was Cancelled
A lawsuit filed against Universal Health Services (UHS) following a 2020 data breach has been allowed to proceed; however, only for one of the patients named on the lawsuit. UHS operates around 400 hospitals and care centers in the United States and the United Kingdom. In September 2020, UHS suffered a ransomware attack in which sensitive data was exfiltrated. The Ryuk ransomware gang threatened to release the stolen data on a leak site if the ransom was not paid, although the UHS investigation found no evidence of any data misuse. The attack affected all 400 UHS care sites and caused significant disruption, with IT systems finally being brought back online a month after the attack. UHS was forced to postpone some scheduled appointments as a result of the attack. A lawsuit was filed in the U.S. District Court, Eastern District of Pennsylvania by the law firm Morgan & Morgan naming three patients as plaintiffs – Graham v. Universal Health Service Inc. The lawsuit alleged negligence, breach of implied contract, breach of fiduciary duty, and breach of confidence. Two of the...
CISA Issues Guidance on Evicting Adversaries from Networks Following SolarWinds Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has published guidance on evicting threat actors from networks compromised in the SolarWinds Orion supply chain attacks and, including subsequent compromises of Active Directory and M365 environments. The attacks have been attributed to threat actors tied to the Russian Foreign Intelligence Service (SVR). After gaining network access through the update mechanism of SolarWinds Orion, the threat actor selected targets of interest for further compromise and bypassed multi-factor authentication methods and moved laterally into Microsoft 365 environments by compromising federated identity solutions. Most of the targets selected for further compromise were government departments and agencies and critical infrastructure organizations, although private sector organizations may also have experienced more extensive compromises. The guidance applies to evicting adversaries from on-premises and cloud environments and includes a 3-phase remediation plan. CISA notes that malicious compromises are unique to each victim, so careful...
April 2021 Healthcare Data Breach Report
April was another particularly bad month for healthcare data breaches with 62 reported breaches of 500 or – the same number as March 2021. That is more than 2 reported healthcare data breaches every day, and well over the 12-month average of 51 breaches per month. High numbers of healthcare records continue to be exposed each month. Across the 62 breaches, 2,583,117 healthcare records were exposed or compromised; however, it is below the 12-month average of 2,867,243 breached records per month. 34.4 million healthcare records have now been breached in the past 12 months, 11.2 million of which were breached in 2021. Largest Healthcare Data Breaches Reported in April 2021 There were 19 reported data breaches in April that involved more than 10,000 records, including 7 that involved more than 100,000 records with all but one of the top 10 data breaches due to hacking incidents. Ransomware attacks continue to occur at high levels, with many of the reported attacks affecting business associates of HPAA-covered entities. These incidents, which include attacks on Netgain Technologies,...



