Ransomware Gangs Claim Three More Healthcare Victims

By | March 15, 2021

PeakTPA, a St. Louis, MO-based provider of health plan management and back-office services, has announced it suffered a cyberattack on or around December 28, 2020 in which protected health information was stolen.

The security incident was detected on December 31 and involved two cloud servers used by the company to manage program of all-inclusive care for the Elderly (PACE) claims.  According to the breach report submitted to the HHS’ Office for Civil Rights, the PHI of up to 50,000 individuals was stolen or exposed.

An investigation into the attack confirmed the attackers obtained full names, home addresses, dates of birth, Social Security numbers, PACE program IDs, and diagnosis and treatment information.

Affected individuals have been notified and offered complimentary membership to credit monitoring, fraud consultation, and identity theft restoration services via Kroll.

St. Bernard’s Total Life Healthcare, Inc., which provides PACE in Northeast Arkansas, and Rocky Mountain Health Care Services in Colorado Springs have confirmed that their patients have been impacted by the attack.

92,000 Individuals Affected by Preferred Home Care of New York Ransomware Attack

Preferred Home Care of New York, a Brooklyn, NY-based provider of in-home care services, experienced a ransomware attack on January 8, 2020 in which patient data was stolen. The attack was detected the following day. According to databreaches.net, samples of data stolen in the attack were uploaded to the Sodinokibi (REvil) data leak site in January.

External counsel for Preferred Home Care of New York explained in a data breach notification that the types of data obtained by the gang varied from individual to individual and may have included names, addresses, email addresses, phone numbers, dates of birth, financial information such as bank account numbers, Social Security numbers and medical information related to health assessments, physicals, drug screens, vaccinations, and TB tests, as well as FMLA and worker’s compensation claims.

92,283 individuals have been notified and complimentary credit monitoring and identity theft protection services have been offered to breach victims.

Newberry County Memorial Hospital Suffers Ransomware Attack

Newberry County Memorial Hospital in South Carolina has announced it suffered a ransomware attack in February that took certain servers out of action, forcing the hospital to switch to manual procedures while the attack was mitigated. The hospital had a full backup of its data and systems and was able to restore all encrypted data without paying the ransom.

The investigation into the attack is ongoing and no evidence has been found of unauthorized data access or data exfiltration to date. The hospital has since taken steps to improve security to prevent similar attacks in the future.

The post Ransomware Gangs Claim Three More Healthcare Victims appeared first on HIPAA Journal.