Potential Cyberattack on Daviess Community Hospital
Daviess Community Hospital, which is affiliated with Ascension St. Vincent Hospital based in Washington, IN, reported that it started an investigation after receiving a notification from the U.S. Department of Homeland Security (DHS) regarding a potential security breach. As per the DHS, it identified a security issue while doing its routine monitoring that shows possible exploitation by cyber actors.
Tracy Conway, Hospital CEO, explained that all internal systems were shut down while a third-party digital forensics company investigated the incident. Conway said there is no evidence found thus far that suggests unauthorized access to its system or patient information. The hospital did not receive any ransom demand. The disruption resulted from the shutdown of IT systems, including telephone lines to outpatient centers and email systems. The hospital has undergone temporary non-computerization. Consequently, services were minimal until the restoration of systems. Several appointments were canceled and must be rescheduled. The largest effect is on radiology, currently, it’s impossible to transmit images for reading. Conway stated they are working hard to restore IT systems online, including the radiology and pharmacy systems.
Cyberattack on Wyoming County Community Health System in March 2023
Wyoming County Community Health System based in Warsaw, NY informed 24,016 patients regarding a security incident that was discovered on March 28, 2023. Although not labeled as a ransomware attack, a lawyer for the health system stated the attack interrupted its system. The forensic investigation showed that files that contain patient data were compromised and may have been accessed or stolen by unauthorized persons in the attack.
An analysis of the files was finished on November 8, 2023, and it was confirmed that they included data like names, driver’s license or state ID numbers, Social Security numbers, birth dates, biometric information, medical data, account numbers, and medical insurance data. The health system has enforced extra security steps to stop the same breaches later on and has provided impacted people free credit tracking and identity theft protection assistance.
Cyberattack on Southland Integrated Services in October 2023
Community-based non-profit organization Southland Integrated Services (SIS) based in California manages a Federally Qualified Health Center and has lately informed selected persons concerning the compromise of their protected health information (PHI). On November 10, 2023, SIS mentioned in its breach notification letters that it discovered suspicious activity inside its computer network on October 18, 2023.
The forensic investigation affirmed an unauthorized third party accessed its systems from October 16 to October 18, 2023. In that time frame, documents that included patient information like names, birth dates, addresses, vaccination statuses, driver’s license numbers, Social Security numbers, and/or financial account data were accessed. Extra safety measures were put in place to stop the same breaches later on and free credit monitoring and identity theft protection assistance were provided to the impacted persons. The incident was reported to authorities but is not yet displayed on the HHS’ Office for Civil Rights breach website. It is presently uncertain how many persons were impacted.
Cyberattack on Mission Community Hospital in May 2023
Acute care hospital Mission Community Hospital serving the patients residing in the San Fernando Valley of California, has begun informing patients about the exposure of some of their personal data and PHI in a cyberattack in May 2023.
The hospital discovered unauthorized access to its network on May 1, 2023. As per forensic investigation, an unauthorized third party gained access to its system on the same day. Files with patient information were also accessed. The analysis of the files showed they included names, addresses, birth dates, driver’s license numbers, Social Security numbers, financial account details, medical health insurance plan member IDs, claims information, and clinical data associated with the care obtained at Mission Community Hospital.
Impacted persons were provided a no-cost membership to a credit monitoring and identity theft protection service for one year. Mission Community Hospital stated it has put in place extra safety measures and technical safety measures to increase protection and monitor its network. The HHS’ Office for Civil Rights breach website still displays the placeholder of a report involving 500 records that was filed on June 30, 2023. 500 is a frequently used placeholder to satisfy the requirements of breach reporting until the exact number of persons impacted is determined.
The breach notification letter didn’t have information concerning the nature of the attack except for saying files that contain some patient data might have been affected by unauthorized access; nevertheless, this seems to be a ransomware attack. The RansomHouse ransomware group professed it is responsible for the attack and has included Mission Community Hospital on its dark web data leak website. The group remarked in the listing that it acquired “over 2.5 TB” of data. The listing includes a downloadable evidence package, which contains screenshots of its file system that seem to have been acquired on April 16, 2023, about 2 weeks prior to the discovery of the unauthorized access. At this time, no data is showing on the listing, just the screenshots that could suggest that the information was sold as threatened by the group or it is still waiting for a ransom payment. Listings are generally taken out of data leak sites after paying a ransom.
RansomHouse was responsible for an attack on Warren General Hospital in 2023, the listing for which remains on the group’s data leak website together with evidence packages, though there has been no data dump up to now. Warren General Hospital recently submitted the data breach report to OCR as impacting 168,921 persons. An attack on Albany ENT & Allergy Services in March 2023 is likewise listed, which consists of a complete data dump. Based on the OCR breach website, the attack affected 224,486 Albany ENT patients.