Hive Ransomware Continues to Attack Healthcare Providers
Healthcare data breaches continue as Hive ransomware and other major hacking groups ramp up. Meanwhile, other recent breaches involved unauthorized access to PHI and other information.
Source: Getty Images
By Jill McKeon
- Recent data breaches continue to show the growing prevalence of Hive ransomware and other hacking groups as they continue to infiltrate the networks of US healthcare providers.
High-profile cyberattacks continue to put health systems and patient data in jeopardy, but smaller breaches can be equally detrimental. Without the resources to combat and recover from a ransomware attack, smaller clinics have become easy targets for malicious hackers. Meanwhile, unauthorized access to patient information continues to be a problem for other organizations.
Hive Ransomware Group Attacks Missouri Hospital
Missouri Delta Medical Center fell victim to a cyberattack on September 9 committed by Hive ransomware, a notorious hacking group responsible for attacks on the healthcare sector, St. Louis Public Radio reported.
The medical center confirmed the breach in a statement to St. Louis Public Radio, explaining that an unauthorized party had stolen information from its servers. Hive began posting patient information online, including medical information, names, and Social Security numbers.
Hive previously claimed responsibility for an August ransomware attack on Memorial Health System that resulted in EHR downtime, appointment cancellations, and emergency room diversions.
READ MORE: Could Artificial Intelligence Transform Healthcare Cybersecurity?
The FBI later issued a flash alert warning organizations of Hive ransomware. The agency provided guidance on how to prevent, detect, and respond to a Hive ransomware attack and warned the healthcare sector to be vigilant.
Hive is known to target its victims using phishing emails to gain access to networks and Remote Desktop Protocol (RDP) to navigate the network once inside.
The medical center is working with an outside security firm and has not yet released an official statement about the incident on its website. The investigation is ongoing, but it appears that the medical center’s EHR system was not impacted.
Missouri Delta said that it the breach is not causing care disruptions.
Michigan Medical Center Pays $30K Ransom to Cybercriminals
Family Medical Center of Michigan (FMC) recently notified its customers of a data breach that occurred in July 2020, according to a report from The Monroe News. An unnamed hacking group based in Ukraine deployed ransomware and encrypted the medical center’s financial files, making patient financial information inaccessible.
READ MORE: Key Differences Between PHI and PII, How They Impact HIPAA Compliance
Ed Larkins, CEO of the medical center, told the publication that FMC paid the requested $30,000 ransom after engaging with a third-party forensic security firm. The firm advised FMC to pay the ransom in order to determine the scope of the breach.
Two weeks after paying the ransom, the hackers sent FMC a digital key to unlock the files. No protected health information was breached, but the financial information of approximately 15,000 patients treated by FMC in the last 14 years may have been impacted.
“The privacy and protection of sensitive information is a top priority for us,” Larkins stated. “We deeply regret any inconvenience this incident may have caused.”
Larkins told The Monroe News that FMC is working to notify impacted individuals and has mailed letters to patients with addresses on file.
The FBI strongly discourages paying the ransom in response to a cyberattack.
READ MORE: St. Joseph’s/Candler Faces Lawsuits in Wake of Ransomware Attack
“Paying a ransom doesn’t guarantee you or your organization will get any data back,” the FBI’s website states. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”
Delaware Eye Care Provider Breach Impacts 144K
Simon Eye Management, which has nine locations across Delaware and one in Pennsylvania, announced that it suffered a data breach involving unauthorized access to employee email accounts that may have exposed the personal data of over 144,000 individuals. The unauthorized third party attempted to exploit the company through wire transfer and invoice manipulation attacks.
An investigation by computer forensic specialists revealed that the bad actor had access to certain email accounts from May 12 to May 18, 2021. Simon Eye discovered the breach on June 8.
The hacker had access to patient names, medical history, treatment information, health insurance information, Social Security numbers, birth dates, and financial account information.
There is currently no evidence that the information was misused in any way. After discovering the breach, Simon Eye reset user passwords, began a forensic investigation, and implemented additional data security measures.
“We will continue to evaluate and implement additional safeguards. We are also reporting this incident to relevant state and federal regulators,” the announcement stated.
“Further, once we complete the review of the impacted data, we will be notifying potentially impacted individuals so that they may take further steps to help protect their information, should they feel it is appropriate to do so.”
MN Clinic Employee Accidentally Sends PHI to External Email Address
Minnesota-based Mankato Clinic began notifying 535 patients of an August 3 data breach that exposed protected health information (PHI). A Mankato Clinic employee accidentally emailed an unencrypted spreadsheet containing patient PHI to an external email account.
A few minutes after sending the email, the employee reached out to the recipient and asked them to delete the email. The recipient confirmed that the spreadsheet was never opened, and the email was subsequently deleted.
The spreadsheet included names, addresses, email addresses, birth dates, medical record numbers, diagnosis information, primary insurance carriers, gender, and phone numbers. The breach did not impact the clinic’s EHR system.
“Mankato Clinic has investigated this incident and has determined that it occurred due to use of their e-mail’s auto-complete feature – when the employee typed in the intended recipient’s name, it auto-completed with the name of a colleague with an external e-mail account,” the announcement stated.
“The Mankato Clinic has received assurances that none of the patient information was accessed prior to being deleted by the recipient.”
The clinic told patients that there was no need to take any action to protect themselves from harm resulting from the breach since the email was deleted.
