
Hackers Steal Data of 200K During CareFirst BlueCross DC Cyberattack

A cyberattack on CareFirst BlueCross in DC, formerly Trusted Health Plans, resulted in the theft of member data; an email hack, ransomware, and malware incident complete this week’s breach roundup.


By Jessica Davis

CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC), formerly known as Trusted Health Plan, recently notified 200,665 plan members that their data was compromised and potentially stolen after a cyberattack in January.

On January 28, CHPDC’s managed IT service vendor notified the insurer of the attack on its computer systems and notified an outside security firm, which took steps to mitigate the incident.

The investigation determined the attackers were likely part of a foreign cybercriminal enterprise, and that the attack was sophisticated in nature and resulted in the theft of some information.

The breach victims include CHPDC enrollees, current and former employees, providers who received payments from the insurer, and Medicaid enrollees. The compromised data included full names, contact details, dates of birth, Social Security numbers, Medicaid identification numbers, medical information, claims data, and some clinical information.

For affected providers and Medicaid enrollees, the data included names, business addresses, and SSNs or tax identification numbers. For employees, the data involved names, contact information, dates of birth, and SSNs.


All individuals will receive two free years of credit monitoring and identity theft protection services.

The attack is still under investigation, but for now, it appears the incident was limited to CHPDC and did not affect other CareFirst BlueCross BlueShield companies. No member services were impacted.

"We've taken immediate steps to limit the impact of the attack and protect and secure our systems and the information of our enrollees," George Aloth, CHPDC CEO, said in a statement.

"We're angry and troubled that anyone would target our enrollees," he added. "We're taking aggressive action on behalf of all those we serve to ensure they are supported and notified as more information becomes available."

CHPDC notified the FBI and the Office of the Attorney General in DC. The third-party security firm also assisted the insurer with implementing further measures to protect personal information, including password resets, and monitoring for signs of data misuse.

Email Hack Impacts 221K Total Health Care Plan Members


About 221,450 Total Health Care Plan members and physician partners were notified that their data may have been compromised after a hack on several employee email accounts.

The notice does not detail when the security incident was first discovered, but the staff member email accounts were accessed for nearly two months, between December 16, 2020 and February 5, 2021.

An extensive forensic investigation found no evidence the intruder viewed or misused the information in the accounts. However, officials could not fully determine if any of the information was read.

The emails contained information that varied by individual but could include SSNs and/or member ID, claims information, dates of birth, and addresses.

Total Health Care employed an outside security team to handle the issue and has since taken steps to increase its security. Employees have also been provided training.

Ransomware Attack on Law Firm Impacts 420K Patients


Ohio-based law firm Bricker and Eckler recently notified 420,532 patients that their data was compromised after a ransomware attack. Bricker has a range of healthcare clients and has access to personal information as part of its client engagement and legal counsel needs.

The ransomware was detected on January 31, and Bricker’s team immediately took action to contain the incident. An investigation, led with assistance from a third-party cybersecurity forensics firm, determined the attackers gained access to Bricker’s internal systems at various times between January 14 and January 31.

During the persistent attack, the threat actors stole data from certain systems. Officials said they were “able to retrieve the data involved from the unauthorized party and have taken steps to delete this data.”

It’s important to note that multiple reports warn against trusting ransomware threat actors, who have been observed falsifying evidence to assuage ransomware victims but may later leverage the data for other nefarious activities.

Bricker reviewed the data to identify the impacted individuals, with the forensics investigation concluding on March 12. 

The review determined the impacted data contained some personal information, such as names, addresses, and in certain cases, medical-related and/or education-related information, driver’s licenses, and/or SSNs.

Bricker has since implemented additional security protocols to enhance the security of its network, internal systems, and applications. Officials said they’re continuing to evaluate the steps needed to further improve the firm’s defenses. Law enforcement is continuing to investigate the incident.

La Clínica de la Raza Reports Malware-Related Data Breach

California’s La Clínica de la Raza is notifying 31,132 patients that their data was potentially compromised during a malware incident.

In the incident, which was detected on January 28, attackers deployed malware on certain La Clinica systems used to store information, including personal patient data. Officials took steps to close off access to the impacted systems and launched an investigation with support from a third-party forensics firm.

The forensic review determined the malware allowed the hacker to gain access to La Clinica’s systems. Officials said they took further actions to mitigate the issue and bolster their security measures.

The compromised information varied by patient but could include names, dates of birth, contact details, health insurance information, and some health data, like dates of service, diagnoses, test results, and treatments. No financial data or SSNs were affected.

La Clinica has since enhanced its intrusion detection and prevention procedures, implemented additional technology safeguards, and enhanced its workforce training.