Ransomware Gangs Claim Health Plan and Healthcare Provider Attacked

By | April 1, 2022

Partnership Health Plan of California Recovering from Suspected Ransomware Attack

The Fairfield, CA-based nonprofit managed care health plan, Partnership Health Plan of California (PHC), has suffered a cyberattack that has taken its IT systems out of action for more than a week. PHC started notifying regional healthcare clinics on March 21, 2022, that its IT systems were disrupted, along with its website and phone lines and that efforts were underway to restore its systems. A timeline for when IT systems would likely be restored was not provided.

PHC did not state in its notifications what caused the outage, but it appears to have been a ransomware attack by the Hive ransomware operation. The Hive ransomware gang claimed responsibility for the cyberattack on its clear web and dark web sites and said 400 gigabytes of data was exfiltrated from PHC systems that included 850,000 unique records of name, SSNs, dates of birth, addresses, and other information. That claim has since been removed.

PHC has yet to confirm whether ransomware was used and the extent to which plan members’ data has been affected. PHC has around 618,000 health plan members in Northern California. The Hive ransomware gang is known to target the healthcare industry, having previously conducted ransomware attacks on Memorial Health System and Johnson Memorial Health last year.

Cancer and Hematology Centers of Western Michigan Suffers Ransomware Attack

Cancer and Hematology Centers of Western Michigan has recently announced it was the victim of a ransomware attack in December 2021 that affected part of its database. The healthcare provider said it partnered with a third-party IT and forensics firm to investigate the breach and restore its systems.

The breach investigation did not uncover evidence to suggest any patient data has been misused, but the parts of its systems that were accessed by the attackers contained parts of patients’ health records and employees’ Social Security numbers and bank account information.

Cancer and Hematology Centers of Western Michigan has started notifying affected individuals and complimentary credit monitoring services have been offered. Steps have been taken to strengthen data security procedures, including decommissioning several servers, providing additional training to the workforce, reviewing security policies and procedures, and contracting with a third-party company to provide ongoing security monitoring.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 43,071 individuals.

LockBit Ransomware Gang Claims to Have Attacked Val Verde Regional Medical Center

The LockBit ransomware gang has recently published data on its leak site which it claims was stolen in a ransomware attack on Val Verde Regional Medical Center in Texas.

Lockbit has published around 400 MB of data on its website which includes files that include the data of more than 96,000 patients. The files contain information such asnames, patient ID numbers, account numbers, email addresses, addresses, phone numbers, dates of birth, employer addresses, marital status, guarantor names, referring physician names, health insurance information, notes, and other information.

Val Verde Regional Medical Center has not confirmed whether the claims of the Lockbit gang are genuine and the breach is not yet showing on the HHS’ Office for Civil Rights breach portal.

The post Ransomware Gangs Claim Health Plan and Healthcare Provider Attacked appeared first on HIPAA Journal.