HIPAA Journal – Recent Cyber Attacks
Highlights From The HIPAA Journal
From The July 20th Newsletter
$25,000 fine given to Metropolitan Community Health Services
- Back in 2011, a breach had occurred that affected over 1,200 patients.
- Prior to the breach, the Health Center had failed to implement HIPAA Security Rule policies and procedures.
- A settlement was reached under which the Health Center would owe $25,000.
June 2020 Healthcare data breach report was announced
- Data breaches increased sharply from May to June, with a shocking 52 breaches reported. This was an 85.71% increase from May.
- 957,082 patient health records exposed in June.
- Average breach size was 25,867 records in June.
COVID-19 Research Companies are vulnerable to cyberattacks
- Russian hacking group “APT29” has been actively scanning external IP addresses of companies involved with COVID-19 research.
- Studies found that the main vulnerabilities of these organizations were open ports, unpatched vulnerabilities and web application security issues.
Public cloud data breaches
- A study shows that 70% of companies that host data or workloads in the cloud have experienced a breach of their public cloud environment within the last year.
- System misconfigurations and flaws in firewall applications are assumed to be the main causes of these breaches.
- Hackers are running automated scans against companies to see where vulnerabilities may exist within the cloud environment.
Recent cyber/ransomware attacks related to the Healthcare industry
- Lorien Health Services (MD) experienced a ransomware attack in June. Hackers were able to access PHI, and some of that data was stolen. Lorien refused to pay the ransom, which concluded in the data being stolen. Over 47,000 individuals were impacted by this attack.
- Accu Copy of Greenville (NC) experienced unauthorized access to its servers in June. Over 21,000 patients were potentially affected by this attack, as the servers held patients' billing statements.
- A former employee of Coalinga Valley Health Clinics had taken multiple records containing PHI from their office. Luckily, the police department was able to find the individual and recover all records that were stolen.
- National Cardiovascular Partners had an unauthorized user gain access to an employee’s email in May. The attack potentially affected over 78,000 individuals.