Cyberattacks on Liberty Hospital, 4 Over, LLC, VNS Health and Lake County Health Department

Liberty Hospital based in Kansas City is dealing with a cyberattack that has upset its IT systems. The cyberattack was discovered on December 19, 2023, and it was decided to reroute ambulances to other hospitals until the restoration of IT systems access. Many appointments were canceled pending a rescheduling of consultations. Liberty Hospital has just published minimal details concerning the attack; nevertheless, KMBC News acquired a copy of a ransom notice. The hackers asserted to have acquired all confidential information kept on its systems and demanded that the hospital contact it within 72 hours. The threat actor responsible for the attack is presently not known.

The Qilin ransomware group just included the Neurology Center of Nevada on its data leak website and stated to have extracted about 198 GB of sensitive information. Neurology Center of Nevada did not openly confirm whether the claims of Qilin are true. It did not talk about any cyberattack or data breach on its site. In case what Qilin says is true, this is going to be the Neurology Center of Nevada’s second ransomware attack in one year.

The DragonForce threat group, which was behind the recent Heart of Texas Behavioral Health Network attack, has stated that it is responsible for the Greater Cincinnati Behavioral Health Services attack and has included it on its data leak website. DragonForce boasts of having extracted 72.4 GB of information in the attack though the stolen information is not published to the group’s data leak website. Greater Cincinnati Behavioral Health Services didn’t mention any cyberattacks.

4 Over, LLC November 2022 Cyberattack

The printing company, 4 Over, LLC, based in Glendale, CA has encountered a cyberattack wherein hackers acquired access to areas of its system that included the protected health information (PHI) of 6,491 group health plan members. Suspicious activity was discovered inside its system on November 19, 2022, and it was confirmed by the forensic investigation that there was unauthorized system access from November 16, 2022 to November 19, 2022. The company began sending notification letters to the impacted persons on December 5, 2023, over a year after the discovery of the breach. 4 Overstated the delay was because of the time-intensive and complete evaluation of the affected files.

The data possibly taken from its systems included complete names, driver’s license or state-issued ID numbers, Social Security numbers, credit or debit card numbers, or financial account numbers, Passport numbers, medical details, treatment data, diagnosis data, health insurance data, and birth dates. 4 Over stated it is going over its current guidelines and procedures concerning cybersecurity and is analyzing extra steps and safety measures to secure against this kind of incident later on.

VNS Health Email Accounts Breach

VNS Health Home Care, VNS Health Personal Care, and VNS Health Hospice Care in New York sent notifications to patients about an unauthorized third party that accessed the email accounts of some of its employees and possibly viewed or acquired some of their PHI. Unauthorized access was discovered on August 14, 2023, and according to the investigation, an unauthorized third party accessed some employee email accounts between August 10, 2023 and August 14, 2023.

On September 14, 2023, VNS Health established that emails and related files in the email accounts included data like names, birth dates, addresses, telephone numbers, diagnosis and treatment data, and medical insurance details. VNS Health stated the email accounts breach seemed to be intended to defraud VNS employees instead of to steal patient data.

VNS Health has applied supplemental safety measures to further secure and keep track of its systems, which include technical systems improvements, current security policies and practices, and employee training. The breach report that was submitted to the HHS’ Office for Civil Rights indicated that the breach affected 13,584 VNS Health’s Health Plans members and 5,175 VNS Health Personal Care patients.

Email Account Breach at Lake County Health Department

Lake County Health Department located in Illinois is looking into a security incident concerning unauthorized access to a workers’ email account. It discovered the account breach on November 1, 2023, and as per the investigation, the account included partly de-identified data associated with Lake County locals who were part of a disease cluster or outbreak inspected by the health department from July 2014 to October 2023.

There was no proof found that indicated the exfiltration of any data in the email account. However, data theft cannot be excluded. The data in the account simply included names, dates of birth, addresses, email addresses, ZIP codes, telephone numbers, and diagnoses/conditions. The incident is not yet displayed on the HHS’ Office for Civil Rights breach website, thus the number of affected individuals is presently unknown.

Cyberattack on Fresno Surgical Hospital

On November 4, 2023, Fresno Surgical Hospital located in California encountered a cyberattack that was discovered and stopped. Third-party cybersecurity specialists investigated to find out the nature and scope of the incident and affirmed the exfiltration of some information from its system on November 4, 2023. Fresno Surgical Hospital reviewed all files on the breached areas of the network and confirmed on December 11, 2023 the potential breach of personal data.

The types of data affected differed from one patient to another and might have involved names along with at least one of these data: demographic/ contact details like address and birth date, medical and/or treatment data like names of provider and facility, other patient identifiers and medical record number, diagnosis details, procedure facts, and other clinical details. Fresno Surgical Hospital mentioned security and tracking functions are being improved and systems are being strengthened to reduce the risk of the same incidents down the road.

About Christine Garcia 1310 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at