Cyber roundup: Surviving ransomware, ILS data breach and BreachForum boss arrested
Photo: Sora Shimazaki/Pexels
Essential to the hospital's survival, key services at a Maryland hospital hit by ransomware in late January stayed up and running, the CEO reported last week. Meanwhile, more than four million were affected by what might be the year's largest health information data breach so far, and a cybercrime forum stayed open after its administrator was arrested.
Hospital CEO cites cyber defenses in weathering a ransomware attack
Dan Owrey, CEO of Berlin, Maryland-based Atlantic General Hospital, speaking last week at a town hall meeting hosted by the Worcester County Commissioner, was candid about a ransomware attack that hit the hospital on January 29.
While the attack impacted the outpatient walk-in lab, pulmonary function testing, outpatient imaging and the hospital's RediScripts service, Owrey reportedly praised the hospital's response, because key operations – emergency room, operating room and endoscopy services – remained up and running.
He noted that AGH's electronic health records were hosted remotely and were not accessed.
"We will survive this," he said, according to a report in The Dispatch.
The hospital had extensive measures in place and has added more as a result of the attack, he said.
"It’s been incredibly disruptive to our business operations, as you can imagine, but we will survive this. The reason I say that is because in order for an insurance carrier to underwrite us we have to make sure we’re insurable."
Compromised service can affect a hospital’s financial profile and also negatively affect ratings.
Owrey said he learned through the government investigation that followed that a ransomware group in China orchestrated the attack and has attacked other hospitals.
The Cybersecurity and Infrastructure Security Agency now offers hospitals and healthcare systems a new ransomware vulnerability notification program that proactively identifies critical infrastructure information systems that contain known ransomware vulnerabilities.
Four million were affected in ILS data breach
Independent Living Systems, a Miami-based business associate to its covered entity subsidiaries Florida Community Care LLC and Florida Complete Care, announced the results of a data breach investigation, and has sent letters to those whose protected health information and protected personal information may have been exposed.
On July 5, 2022, ILS discovered that an unauthorized actor obtained access to ILS systems on June 30, according to a supplemental notice posted to its website last week.
ILS learned – as a result of the investigation which was completed on January 17 – the following types of information may have been included in the breach: "name, address, date of birth, driver's license, state identification, Social Security number, financial account information, medical record number, Medicare or Medicaid identification, CIN#, mental or physical treatment/condition information, food delivery information, diagnosis code or diagnosis information, admission/discharge date, prescription information, billing/claims information, patient name and health insurance information."
ILS reported in the data breach notification to the Maine Attorney General that the total number of individuals affected is 4,226,508, and that the breach began on June 3, 2022. That notification indicates that the company offered identity theft protection services with Experian for 12 months.
The company's website says it provides clinical and business services to managed care organizations in all 50 states and Puerto Rico, and serves more than four million members, including 250,000 Medicaid and dual eligible members.
The company said it is unaware of any identity theft or fraud occurring as a result of the breach, but encouraged "potentially affected individuals to remain vigilant against incidents of identity theft and fraud by reviewing their account statements, explanations of benefits and credit reports carefully for unexpected activity and to report any questionable activity to the associated institutions immediately."
For those seeking more information about the data breach, ILS has set up a toll-free assistance line – 800-906-7238.
Managing third-party risks and understanding business associates' cyber hygiene processes requires routine monitoring, according to healthcare cybersecurity experts.
BreachForum boss "Pompompurin" arrested
The U.S. Federal Bureau of Investigation arrested a New York man who said his name was Conor Brian Fitzpatrick and that he owned BreachForums, according to Krebsonsecurity.com.
Earlier this month, data stolen from the DC Health Link health insurance exchange was posted for sale on BreachForums, according to the report.
Last year, other hackers on BreachForums hacked into the FBI's InfraGuard program and sold the contact information of more than 80,000 members at auction.
In 2021, Pompompurin said he exploited a flaw in an FBI portal that shares information with state and local law enforcement partners and sent out thousands of fake emails about a cybercrime investigation.
Krebs said BreachForums remained accessible online at the time of his report and a criminal complaint charged Fitzpatrick with one count of conspiracy to commit access device fraud.
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.