Healthcare Cyberattacks Impact Benefit Plans, Safety-Net Clinic

March 21, 2022 - Healthcare cyberattacks continue to plague the sector as threat actors find new targets and tactics. Along with targeting large hospitals, threat actors are increasingly aiming their attacks at smaller clinics and health plans.

Despite the increase in cyberattacks, the Office for Civil Rights (OCR) suggested that organizations could prevent most healthcare data breaches by implementing HIPAA Security Rule requirements to address common attack types. OCR's recent newsletter offered tips for safeguarding against phishing, weak authentication protocols, and known vulnerability exploits.

Actuarial Services Firm Cyberattack Impacts MLB Players Benefit Plan

Horizon Actuarial Services, a consulting firm that provides actuarial solutions to multiemployer benefit plans, began notifying 38,418 individuals of a cyberattack that impacted Major League Baseball Players Benefit Plan participants and Local 295 IBT Employer Group Welfare Fund participants. Horizon is a business associate to some HIPAA-covered health plans.

A ransomware group sent an email to the Georgia-based actuarial services firm on November 12, 2021, claiming to have stolen data from its servers. Horizon Actuarial said it negotiated with and paid a ransom in exchange for assurance from the group that they would delete the stolen information.

The group claimed to have stolen data containing names, Social Security numbers, birth dates, and health plan information between November 10 and 11.

"Horizon Actuarial takes this incident and the security of information in our care very seriously," the firm said.

"We are reviewing our existing security policies and have implemented additional measures to further protect against similar incidents moving forward."

In early January, Horizon began notifying the impacted plans and mailed some letters on their behalf on March 9.  

Wheeling Health Right Notifies Patients of Cyberattack

Wheeling Health Right (WHR), a clinic in West Virginia that provides healthcare to low-income and uninsured individuals, began notifying an undisclosed number of individuals of a "highly-sophisticated cyberattack" that it suffered in January 2022.

After discovering the incident on January 18, WHR engaged experts to investigate "the scope of the illicit attack." The investigation determined that an unauthorized actor had encrypted the practice's systems and potentially accessed names, addresses, Social Security numbers, tax information, email addresses, phone numbers, income information, driver's license numbers, medical record numbers, and other health information.

"While I am grateful that we are able to once again provide needed services across the Ohio Valley after being shut down by the cyberattack, I am extremely sorry for what happened," Kathie Brown, WHR's executive director, explained in a press release.

"On behalf of everyone in our agency, I sincerely apologize for the understandable worry this incident must be causing those who may have been affected and we are dedicated to making it right."

WHR said it has since implemented more sophisticated security measures, including multi-factor authentication and endpoint detection software.

Central Indiana Orthopedics Suffers Data Security Incident

Central Indiana Orthopedics (CIO) suffered a data security incident that impacted 83,705 individuals. CIO discovered suspicious activity on its network on October 16, 2021, and later determined that an unauthorized actor had accessed some files.

The breach potentially exposed names, Social Security numbers, limited medical information, and addresses. However, CIO said it had not received reports of identity theft relating to the incident.

"Data privacy and security is among CIO's highest priorities, and we are committed to doing everything we can to protect the privacy and security of the personal information in our care," the notice on its website stated.

"Since the discovery of the incident, CIO moved quickly to investigate, respond, and confirm the security of our systems. Specifically, CIO engaged a specialized third-party cybersecurity firm, changed administrative credentials, restored operations in a safe and secure mode, enhanced the security measures, and took steps and will continue to take steps to mitigate the risk of future harm."

CIO offered identity theft protection, dark web monitoring, and credit monitoring services to impacted individuals.