On May 22, the Royal ransomware group added Morris Hospital to their leak site with a small sample of files as proof of claims. On May 23, the hospital posted a statement on its site, prominently linked from its homepage: Morris Hospital & Healthcare Centers is actively investigating a cybersecurity incident with the assistance of…
Category: U.S.
NYS settles charges against PracticeFirst stemming from 2020 ransomware incident
In July 2021, Professional Business Systems, Inc. d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp., a medical management company that processes data for health care providers, issued a press release about a hacking incident that occurred in December 2020. As DataBreaches noted at the time, it appeared that they likely paid ransom because one line in their statement…
Apria Healthcare notifies 1.2 million patients of hacking incidents in 2019 and 2021
HIPAA requires that covered entities notify HHS and affected patients of a reportable breach within 60 calendar days of discovery of a breach. Exceptions are made if law enforcement asks an entity to delay notification so as not to interfere with an investigation, but such requests are infrequent. So why are we first finding out…
Cuba ransomware claims cyberattack on Philadelphia Inquirer
Bill Toulas reports: The Cuba ransomware gang has claimed responsibility for this month’s cyberattack on The Philadelphia Inquirer, which temporarily disrupted the newspaper’s distribution and disrupted some business operations. The Philadelphia Inquirer is Philadelphia’s largest (by circulation) newspaper. It is the third-longest continuously operating daily newspaper in the U.S., founded in 1829, and it has…
After ransomware attack, state’s second-largest health insurer says patient data were stolen
Jessica Bartlett reports: The second-largest health insurer in Massachusetts said that patient data had been copied and taken from its systems during a recent data breach and that it is notifying patients that their information may have been compromised. Point32Health, which is the parent company of Tufts Health Plan and Harvard Pilgrim Health Care, has been actively…
CommonSpirit expects to recover most of its $160M cyberattack costs
Nick Thomas reports: Chicago-based CommonSpirit, one of the largest nonprofit health systems in the nation, upped its current estimate of losses stemming from a cyberattack in October to $160 million when it released first-quarter results May 15. The original cost amount was estimated at $150 million. The better news is that the 143-hospital system is confident of…