Half a Million Records Potentially Stolen in 2 Healthcare Ransomware Attacks

The healthcare industry in the United States continues to be targeted by ransomware gangs. Recently, the Federal Bureau of Investigation issued a flash alert warning about threat actors using Cuba ransomware in attacks targeting critical infrastructure, including the healthcare industry. This month, the HHS’ Health Sector Cybersecurity Coordination Center (HC3) issued a warning that the financially motivated FIN12 threat group, a ransomware specialist, was also targeting the healthcare sector and was primarily deploying Ryuk ransomware.

There have been many healthcare ransomware attacks reported over the past few months, with two of the latest victims experiencing attacks that have resulted in the encryption and possible theft of the sensitive data of 513,335 patients.

In the first week of December, Planned Parenthood Los Angeles announced a hacker had gained access to its systems between October 9 and October 17, 2021, and stole patient data prior to using ransomware to encrypt files. The attack was detected when the encryption routine commenced on October 17.

A review of the stolen data and files stored on parts of its network that were accessed by the attackers confirmed they contained the protected health information of 409,759 individuals, including names, dates of birth, addresses, diagnoses, insurance information, treatment information, and prescriptions.

The attack came shortly after the state of Texas made headlines for implementing a near-total ban on abortions, which sparked heated debates across the country on the abortion rights of women. Planned Parenthood, the nation’s largest provider of reproductive health services including abortion care, says there are no indications that this was a targeted attack nor that it was politically motivated. Planned Parenthood says there are no indications that any data exfiltrated by the hackers have been used for malicious purposes.

Planned Parenthood said the ransomware attack only affected its Los Angeles facilities and no patient data from the Planned Parenthood Federation of America or any other Planned Parenthood affiliate was affected. Steps have been taken to improve cybersecurity in response to the attack, additional cybersecurity professionals have been recruited, and network monitoring has been enhanced.

Two unrelated ransomware attacks were recently reported by Seattle, WA-based Sound Generations. Sound Generations is a nonprofit organization serving King County in Washington state that helps older adults and adults with disabilities obtain free to low-cost healthcare resources.

Sound Generations explained in its breach notification letters, which were sent to 103,576 individuals, that its systems were accessed by unauthorized individuals on July 18, 2021, and September 18, 2021. In both incidents, access to its network was promptly terminated, although the attacks did result in the encryption of files containing patient data.

Information potentially compromised included names, addresses, phone numbers, email addresses, dates of birth, health insurance status, health histories, health conditions, and whether the individual participated in the EnhanceFitness program.

Sound Generations said it was not possible to tell which types of information had been accessed or if patient data were stolen, although it is unaware of any cases of attempted or actual misuse of patient data. Sound Generations said it has implemented further cybersecurity controls to protect against future attacks.