One Brooklyn Confirms Cyberattack, BlackCat Ransomware Claims Attack On NextGen

January 24, 2023 - One Brooklyn Health (OBH) confirmed that its systems were subject to unauthorized access beginning in July 2022. In December, local news outlets began reporting outages and delays at One Brooklyn, a health system that operates the Brookdale Hospital Medical Center, Interfaith Medical Center and Kingsbrook Jewish Medical Center.

The health system had to operate using paper charts for multiple weeks. The official breach notice shed more light on the incident, which was discovered on November 19 and “caused a temporary disruption to certain operating procedures.”

One Brooklyn took its systems offline and launched an investigation as soon as it discovered the attack, the notice explained. The investigation determined that the unauthorized party potentially had access to OBH data as early as July 9. In November, the unauthorized party copied a limited amount of data from its systems.

The copied data included names, dates of birth, prescription information, and health insurance information. OBH is still investigating the incident and a breach notification has yet to appear on the HHS Office for Civil Rights (OCR) data breach portal.

“As part of its ongoing commitment to the privacy and security of information in its care, OBH is reviewing its existing policies and training protocols relating to data protection,” OBH noted.

“OBH also implemented enhanced security measures and monitoring tools to mitigate any risk associated with this incident and to better prevent similar incidents in the future. OBH has communicated closely with community stakeholders and with local, state, and federal authorities regarding this incident.”

BlackCat Ransomware Claims Cyberattack on NextGen

BlackCat/ALPHV ransomware claimed that it attacked EHR vendor NextGen Healthcare, the Washington Post first reported. BlackCat posted an alleged sample of NextGen data on its leak site, but later removed the listing.

The Health Sector Cybersecurity Coordination Center (HC3) has issued multiple warnings about BlackCat ransomware in recent months, urging the sector to remain vigilant. According to the FBI, BlackCat was first detected in November 2021 and compromised at least 60 victims in just four months.

BlackCat leverages two encryption algorithms and six encryption modes. BlackCat is highly customizable and is constantly being upgraded, making it a serious and dynamic threat to potential victims. HC3 described the variant as “one of the more adaptable ransomware operations in the world.”

“NextGen Healthcare is aware of this claim and we have been working with leading cybersecurity experts to investigate and remediate. We immediately contained the threat, secured our network, and have returned to normal operations,” NextGen said in a statement to various media outlets.

“Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or exfiltration of client data. The privacy and security of our client information is of the utmost importance to us.”