Two More Healthcare Orgs Attacked by RansomHub
The RansomHub ransomware group has recently claimed responsibility for attacks on two healthcare providers, Millinocket Regional Hospital in Maine and Cardiology of Virginia in Midlothian.
Millinocket Regional Hospital was added to the group’s data leak site on July 25, 2024, and the stolen data (1.8 GB) has been uploaded to the site, indicating the ransom was not paid. This week, Millinocket Regional Hospital confirmed that it detected unauthorized access to its network on or around July 21, 2024. The forensic investigation confirmed that the compromised parts of the network contained patient data such as names, addresses, Social Security numbers, health insurance information, and treatment information. Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals, and the hospital’s data security policies and procedures have been reviewed and enhanced. It is currently unclear how many individuals have been affected.
Cardiology of Virginia was added to RansomHub’s data leak site on September 7, 2024, and the cardiology practice has been given until September 14, 2024, to pay the ransom. Cardiology of Virginia has yet to add a substitute breach notice to its website or make an announcement, but the breach was reported to the HHS’ Office for Civil Rights on January 28, 2025, as affecting 21,085 individuals.
EngageMED Confirms Patient Data Was Compromised in a June 2024 Cyberattack
EngageMED, a North Little Rock, AR-based provider of practice management services, recently announced that it fell victim to a cyberattack. Suspicious activity was identified within its network on or around July 3, 2024, with the forensic investigation confirming there had been unauthorized access to its network between June 12, 2024, and July 3, 2024. During that time, patient data was accessed or acquired from its systems.
EngageMED is still reviewing the affected files but has confirmed that the types of data potentially compromised include names, addresses, dates of birth, Social Security numbers, dates of service, patient ID numbers, procedure codes, procedure costs, procedure and provider information, diagnoses, government-issued identifications, health insurance information, claims information, and information related to the payment of healthcare services.
EngageMED said it reported the cyberattack to law enforcement and is reviewing its policies, procedures, and employee training program to reduce the likelihood of a similar event occurring in the future. Notification letters will be mailed to the affected individuals when the file review is completed. The breach has been reported to the HHS’ Office for Civil Rights as affecting at least 500 individuals. The total will be updated when the file review has been completed.
Blue Cross and Blue Shield of North Carolina Discovers Unauthorized Wellness Portal Access
Blue Cross and Blue Shield of North Carolina (Blue Cross NC) has recently discovered unauthorized access to the portal of its wellness vendor, Rally Health. Blue Cross NC met with Rally Health on June 12, 2024, to discuss an uptick in gift card redemptions on the Rally Health website involving suspicious email addresses. Rally Health investigated and determined that an unauthorized third party had been accessing the portal via a link in the Blue Cross NC member portal and was creating new accounts, which were used to complete activities to earn rewards that were redeemed for gift cards.
Blue Cross NC investigated, and with the help of third-party cybersecurity experts, determined that between May 19, 2024, and June 19, 2024, an unauthorized third party had accessed accounts on its Blue Connect portal using credentials obtained from an unrelated source. Information in those accounts was used to create new accounts on the Rally Health wellness portal. Blue Cross NC identified 972 affected individuals. Information compromised in the incident included names, subscriber ID numbers, group names and numbers, dates of birth, and similar information for other individuals on the affected plans. All Blue Connect passwords were reset, the minimum password length was increased, dates of birth were removed from the portal, and security controls and monitoring are being enhanced.
Roper St. Francis Healthcare Discovers Mailing Error
Roper St. Francis Healthcare in South Carolina has alerted 4,125 individuals about a mailing error that resulted in letters being sent to incorrect addresses. The issue was identified on June 28, 2024, and affected a mailing sent on June 25, 2024, about updates at one of its practices. No sensitive information was disclosed other than the individual’s name. Internal measures have been implemented to reduce the risk of similar mailing errors in the future, and additional training has been provided to staff members.


