Cano Health Reports 2-Year Email Hack Impacting Patient Data

June 15, 2020 - Florida-based Cano Health, a population health management vendor, recently began notifying patients that their data was potentially compromised, after hackers breached three employee email accounts over the course of two years.

On April 13, officials said they first discovered a hacker accessed those email accounts and then forwarded some messages from the accounts to an outside party. Cano Health immediately secured the accounts and launched an investigation, which could not confirm or rule out access.

The investigation also could not determine when the initial hack occurred, but officials estimate the hack began between May 18, 2018 and April 13, 2020, when the attack was discovered.

The compromised data included a trove of patient information, including names, dates of birth, contact details, health data, insurance information, Social Security numbers, government identification numbers, and or financial account numbers.

Cano Health is continuing to work with its IT team on identifying additional security measures to bolster its security. Law enforcement has been notified, as well.

Ransomware Attack on Rangely District Hospital

Rangely District Hospital (RDH) in Colorado was hit with a ransomware attack on some of its computer network in April, which rendered some data inaccessible. And RDH was unable to recover all of the impacted patient data.

RDH first discovered the ransomware on April 9, after experiencing difficulties with system access. Officials said the immediately worked to contain the infection and launched an investigation with assistance from a third-party cybersecurity firm.

The forensic analysis determined hackers first gained access into the network on April 2 and launched the ransomware payload on April 9, a week later. RDH did not pay the ransom. Further, the ransomware was installed in an attempt to extort money from RDH, and no patient health records were viewed or exported during the attack, as it was an automated file-encryption process.

RDH is continuing attempts to restore access to patient files from a database RDH stopped using in August 2017. While the records weren’t impacted, the proprietary software used to view that data was infected with ransomware.

As a result, officials said they’re currently unable to access records entered into the database between August 2012 and August 2017. RDH is also unable to access records of patients who received home health services between June 2019 and April 9, 2020.

Those impacted records include names, dates of birth, Social Security numbers, contact information, driver’s licenses, dates of service or hospital admissions, diagnoses and conditions, treatments or condition notes, and billing information, among other sensitive data.

RDH has since implemented additional security measures, including changing remote access settings and resetting passwords across all user accounts. Officials said they’re continuing research additional data backup options and working with its outside cybersecurity firm for the next 30 days with live system monitoring.

Ransomware Attack on Electric Waveform Lab

The servers of Electronic Waveform Lab, a device developer and manufacturer, were infected with a ransomware attack in April, which potentially compromised some patient data.

Electronic Waveform first detected the incident on its computer servers on April 11. An investigation was launched with assistance from an outside forensics firm. The servers were restored and no data was lost during the incident.

However, officials said they could not determine what information was accessed by the attackers. But the impacted server contained patient data, such as names, addresses, diagnosis codes, and limited treatment information.

Electronic Waveform has since implemented additional security measures and processes, while continuing to review its systems.

Ransomware attacks on the healthcare sector reached their peak during the last half of 2019, with those numbers continuing throughout 2020. Hackers are primarily targeting open ports and leveraging phishing attacks before launching the final payload.

The Office for Civil Rights and Microsoft previously released guidance for the healthcare sector, which can help bolster those vulnerabilities.