Ransomware Roundup: 5 Healthcare Organizations Fall Victim to Ransomware Attacks
Ransomware attacks have recently been reported by Surecare Specialty Pharmacy, Victory Health Partners, Strategic Benefits Advisors, Blue Shield of California, and Blue Cross of California.
PHI of 8,412 Patients Potentially Compromised in Surecare Specialty Pharmacy Ransomware Attack
El Paso, TX-based Surecare Specialty Pharmacy has recently announced it was the victim of a sophisticated ransomware attack on August 16, 2021. Surecare’s IT service provider took immediate action when the attack was detected, and a third-party forensics firm was engaged to investigate the attack.
The investigation confirmed on August 31, 2021, that files containing a limited amount of patients’ protected health information may have been accessed and/or exfiltrated prior to the deployment of ransomware, although no evidence was found to indicate that was the case nor have any reports been received that suggest any misuse of patient data.
A review of the encrypted files confirmed they contained patient names, addresses, dates of birth, health insurance information, and prescription information. The Social Security numbers of a very small subset of individuals were also included in the compromised files.
Get The Checklist
Free and Immediate Download
of HIPAA Compliance Checklist
Delivered via email so verify your email address is correct.
Your Privacy Respected
Surecare says additional security measures have now been implemented to prevent further cyberattacks and policies and procedures are being reviewed and will be updated as necessary to improve data security.
Ransomware Attack on Vendor Affects Blue Shield of California and Blue Cross of California Members
A ransomware attack on the Santa Ana, CA-based health insurance broker, Team Alvarez Insurance Services, has resulted in the exposure of the protected health information of 2,841 Blue Shield of California and 672 Blue Cross of California members.
On August 27, 2021, Team Alvarez notified the health plans about a cyberattack that occurred on August 25. Team Alvarez immediately secured its network to prevent further unauthorized access and conducted a comprehensive investigation to determine the nature and scope of the attack.
On October 13, 2021, the health plans learned the attacker accessed parts of the Team Alvarez network where members’ enrollment forms were saved. It was not possible to determine if those forms were viewed or downloaded. The forms contained the following data elements: name, address, phone number, email address, date of birth, gender, subscriber ID number, policy effective date, emergency contact information, authorized representative/power of attorney information, and broker information.
Team Alvarez said that in addition to performing a reset of all passwords, firewall configurations have been reviewed, a system-wide security scan has been conducted, and its infrastructure and servers are being rebuilt in a clean environment on new servers.
Affected Individuals have been offered complimentary access to the Experian IdentityWorksSM identity theft protection service for 12 months.
Victory Health Partners Notifies Patients About September 2021 Ransomware Attack
Mobile, AL-based Victory Health Partners has notified patients about a ransomware attack it discovered on September 23, 2021. Prior to the encryption of files, the attackers exfiltrated sensitive data which has potentially been released.
When the attack was detected, systems were shut down to contain the incident and prevent further unauthorized access. A forensic investigation was launched to determine the extent and nature of the attack which confirmed that the following types of patient information may have been obtained by the attackers: name, address, Social Security number, date of birth, and other protected health information. Health information such as diagnoses, health conditions, and other health data was not involved as Victory Health Partners still uses paper charts.
Victory Health Partners has conducted a thorough review of existing operating and IT systems and steps will be taken to improve the confidentiality and security of its records. Further, an external computer consultant has been engaged to advise the clinic on new systems and equipment to protect against future cyberattacks.
PHI Potentially Compromised in Ransomware Attack on Strategic Benefits Advisors
The Georgia-based benefits consulting firm, Strategic Benefits Advisors, has announced it suffered a ransomware attack in which protected health information may have been accessed and/or acquired.
The attack was detected on September 19, 2021, and steps were immediately taken to prevent further unauthorized IT system access. An investigation was conducted into the attack and while that investigation is ongoing, it was determined on October 7, 2021, that certain files within its environment had been accessed and/or exfiltrated by the attackers.
It has yet to be determined exactly how many individuals have been affected, and which types of protected health information were compromised for each individual, but the types of information on the compromised systems included names, addresses, and Social Security numbers. Strategic Benefits Advisors says it is unaware of any actual or attempted misuse of personal information.
Notifications are being sent to affected individuals and steps have been taken to improve the security of its systems to prevent further cyberattacks.