Two Florida Healthcare Providers Attacked with Ransomware

Share this article on:

The Tampa, FL-based Agency for Community Treatment Services, Inc. (ACTS) is alerting certain patients that some of their protected health information has potentially been compromised in an October 21, 2020 cyberattack.

The security breach was detected on October 23 when ransomware was deployed. The hackers gained access to parts of the ACTS server and data infrastructure and encrypted files to prevent access. Systems were taken offline to prevent further unauthorized access and third-party computer forensic experts were engaged to assist with the investigation and determine the scope of the breach.

While unauthorized data access was possible, the investigation did not uncover any specific evidence to indicate patient data had been accessed or exfiltrated. ACTS explained that this was due to the extensive efforts made by the attackers to conceal their malicious activity. The attackers may therefore have accessed or stolen information stored on the breached systems.

The review of the compromised systems revealed they contained patient names, dates of birth, Social Security numbers, and medical records containing information such as diagnoses, treatment information, and health insurance information related to the services provided to patients between 2000 and 2013.

ACTS was able to restore the encrypted data from backups and did not pay the ransom and steps have been taken post-breach to strengthen security and prevent further attacks. Since patient data may have been compromised, ACTS is providing complimentary credit monitoring and identity theft protection services to all affected individuals.

The HHS’ Office for Civil Rights breach portal indicates the PHI of 73,825 individuals was potentially compromised.

Leon Medical Centers Attacked with Conti Ransomware

Leon Medical Centers, a network of 8 medical centers in Miami and Hialeah in Florida, experienced a Conti ransomware attack in which the protected health information of patients was allegedly stolen. The attackers issued a ransom demand and threatened to publish the records of patients stolen prior to the deployment of ransomware.

The attackers claimed the data stolen included patient names, addresses, Social Security numbers, diagnoses, treatment information, health insurance information, and patient photographs. They claim to have obtained the PHI of more than 1 million patients, although that claim has been refuted by Leon Medical Centers, which maintains the amount of data stolen has been grossly overstated.

Leon Medical Centers discovered the attack on November 8, 2020. Systems were immediately taken offline to prevent further unauthorized access and third-party cybersecurity professionals were engaged to assist with the investigation. Leon Medical Centers discovered on November 9, 2020 that certain patient information stored on its systems had been accessed by the attackers.

In a January 8, 2021 press release Leon Medical Centers confirmed the types of information accessed varied significantly from patient to patient and may have included names, contact information, Social Security numbers, financial information, dates of birth, family information, medical record numbers, Medicaid numbers, prescription information, health insurance information, and medical/clinical information such as diagnoses and treatment histories.

Leon Medical Centers is still investigating the breach and is identifying the patients affected, who will be notified in due course. At this stage the number of individuals impacted by the attack has not been confirmed.

Proliance Surgeons Announce Corporate Website Breach

Proliance Surgeons, a Seattle, WA-based surgical practice, has suffered a breach of its corporate website in which payment card information may have been stolen. In a December 23, 2020 breach notice, the practice explained that its investigation revealed the attackers had access to the website between November 13, 2019 and June 24, 2020. During that time, the attackers potentially accessed and obtained cardholder names, card numbers, expiry dates, and zip codes. No other protected health information was involved. The breach was limited to individuals who paid for services online, not individuals who paid over the phone or in person.

The cause of the breach has been identified and addressed and a new website with a different payment platform has been implemented, which has superior security protections.  Proliance has coordinated with the major payment card providers to prevent unauthorized charges on the affected cards. Individuals affected by the breach have been advised to check their statements carefully and to report any unauthorized charges to their card provider.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On