Hope Health Systems Inc. (HHS) based in Woodlawn, MD has just reported that it suffered a ransomware attack. The healthcare provider detected the attack on June 20, 2022, and engaged third-party forensics specialists to look into the incident and find out the extent of the attack.
The forensics investigation determined that an unauthorized third party got initial access to its systems on June 10, 2022, a few days before using ransomware for file encryption. Although there was no proof of data theft discovered, on or about August 24, 2022, the forensic investigation came to conclude the possibility of data theft. HHS reviewed all files on the breached section of the network until October 18, 2022 to find out those affected.
HHS states the protected health information (PHI) of around 9,972 patients was saved on the breached systems and contained names, birth dates, addresses, driver’s license numbers, Social Security numbers, medical insurance data, and medical data. HHS mentioned it is assessing its current cybersecurity guidelines, procedures, and steps, to know where to make improvements to avoid the same incidents later on. Notifications had been sent to impacted persons on November 21, 2022.
Patients Affected by Ransomware Attack on Disability Services of the Southwest
The home healthcare company Disability Services of the Southwest based in Texas has lately affirmed that unauthorized persons acquired access to its training and employment website and possibly acquired client data.
Vendor Intermap Holdings operated the website. Unauthorized persons acquired access to the vendor’s system on September 28, 2022, and employed ransomware for file encryption. Intermap Holdings had controlled and blocked the attack on the same day; nevertheless, it is likely that in that brief time, sensitive information might have been read or acquired, though there was no proof of unauthorized data access or theft found.
Impacted persons that sent an application for employment had the following information potentially accessed: name, telephone number, email address, and particulars of the work and location where they are applying for. Present and past employee details such as name, address, telephone number, training history, and employee ID might have been exposed as well. No financial data or Social Security numbers were impacted since they were kept on a different system.
Disability Services of the Southwest stated that Intermap Holdings has eliminated the malware and is continuously tracking its platform for indications of attack. The incident is not yet posted on the HHS’ Office for Civil Rights breach website, therefore it is presently uncertain how many persons were impacted.
2,000 Patients Affected by Oceansview Optical Ransomware Attack
Oceansview Optical based in Sebastian, FL, has lately reported that a ransomware attack resulted in the encyrption of part of its database. The attack was discovered on October 8, 2022 because of the shutdown of its office software. The investigation showed that portions of its database were encrypted utilizing Venus ransomware. Two external hard drives and the backup server were also damaged. The provider used paper charts for 9 days while rebuilding its systems.
Oceansview Optical did not pay the ransom. With no access to backups, it could not restore the encrypted sections of the database from July 2021 to October 8, 2022. A copy of the encrypted database was kept and it is hoped it can be retrieved at some point later on when a decryptor is provided for Venus ransomware.
In a detailed and straightforward breach notification, Jennifer L Loar OD mentioned the intent of this attack seemed to be to damage information to block access, therefore data exfiltration is not likely; nevertheless, the exfiltration of information cannot be excluded. The types of data possibly affected included names, nicknames, telephone numbers, addresses, email addresses, dates of birth, ethnicity, chosen language, insurance details, diagnoses, prescription drugs, medication allergies, eyeglasses, contact orders and reports.
The attack was reported to all proper authorities, such as the HHS, FBI and CISA. The new anti-ransomware software program was used together with new backup facilities, which the FBI has confirmed to provide excellent security.