In August 2023, El Centro Del Barrio (“CentroMed”) reported a breach that affected 350,000 patients. The incident, which had been claimed by Karakurt threat actors in June, involved patients’ names, addresses, dates of birth, Social Security numbers, financial account information, health insurance plan member IDs and claims data. A check of Karakurt’s leak site today…
Category: Health Data
HHS launches $50M security initiative to thwart hospital ransomware
Chad Van Alstin reports: The U.S. Department of Health and Human Services (HHS) is launching a $50 million incentive program to encourage hospitals to improve their cybersecurity. Dubbed the Universal Patching and Remediation for Autonomous Defense—or UPGRADE—program, the initiative aims to speed up vulnerability detection and patch deployment through the creation of a platform that…
Mosaic Mental Health notifies patients of breach
On September 25, 2023, Riverdale Mental Health d/b/a Mosaic Mental Health (“MOSAIC”) notified HHS of an incident that affected 7,281 patients. The incident was coded as a “hacking/IT incident” involving their network, but no further details were available at the time. On April 3, more than six months later, they sent out notification letters. Massachusetts…
Cyberattack fallout: Ascension and DocGo troubles ricochet
Andrea Fox reports: DocGo, an ambulatory and remote patient monitoring provider in the U.S. and U.K. filed a notice on May 7 with the U.S. Securities and Exchange Commission over U.S. patient data breached in a recent cyberattack. “As part of its investigation, the company has determined that the threat actor accessed and acquired data,…
WebTPA Employer Services notifies 2.4 million of April 2023 hack.
WebTPA is a medical claims administrator for health insurance and benefits plans. On December 28, 2023, the Texas firm discovered that they had experienced a data security incident involving certain systems on their network. Subsequent investigation concluded that an unauthorized actor may have exfiltrated personal information between April 18 and April 23, 2023. WebTPA’s clients…
Guthrie Lourdes Hospital still struggling with effects of Ascension cyberattack
Phoebe Taylor-Vuolo, Report for America corps member, reports: Guthrie Lourdes Hospital in Binghamton continues to feel the impact of a recent cyberattack on Ascension, its former parent organization. Ascension said it was hit with a ransomware attack on May 8. Lourdes was officially acquired by the Guthrie health system in February, but officials say that transition is…