As has been the case for years, the past few weeks have seen a flurry of news about data breaches, ransomware attacks, and cybersecurity incidents involving healthcare stakeholders, from hospitals to patient transport services to public health agencies.
Meanwhile, months after one of the largest cyberattacks in recent memory, Change Healthcare — as promised and as requested — has begun sending breach notifications to millions of Americans.
Here’s a summary of some of the latest headlines.
Patient transport service provider attacked
On June 22, DocGo, a provider of remote patient monitoring and outpatient services in the United States and United Kingdom, notified Aurora, Colorado-based UCHealth that its Ambulnz patient transport service serving medical facilities in Denver and Colorado Springs had experienced a cyberattack that could have impacted patients.
This is the second time in two months that DocGo has been found to have violated third-party patient transport services.
“This incident did not impact UCHealth’s IT systems or electronic health records,” the health system said on its website Wednesday.
Ambulnz said in a notice about the data security incident that the attack involving unauthorized access took place between April 21 and 22.
“Through analysis, we determined that some of those files contained patient information, including names combined with one or more of the following information: date of birth, address, medical record number, patient account number, health insurance identification number, diagnosis and/or treatment information,” the shipping company said in a statement.
A small number of patients transported by Ambulnz may have had their Social Security and driver’s license numbers exposed in the theft.
Earlier on May 7, DocGo filed a notice with the US Securities and Exchange Commission about US patient data being compromised in a recent cyberattack directly on the company’s IT systems.
Changes to sending violation notices
On June 20, Change Healthcare began sending data to customers whose member or patient data was involved in a major data breach in February, which was discovered after a ransomware attack disabled its payment center.
“The information that may be relevant will not be the same for every affected individual,” the company said in a notice posted on its website.
While a victim’s health insurance, billing, and claims information may be exposed in a widespread attack, information such as medical record numbers, providers, diagnoses, medications, test results, imaging, care plans, and treatments may also be exposed.
“To date, we have not seen the full medical history emerge during our data review,” Change said.
The company added that some of the entities affected in the cyberattack on Change Healthcare may have been guarantors who paid bills for healthcare services.
Given the massive scale of the breach, the forensic analysis of Change’s activities is not yet complete, and the company says it is likely to identify additional victims of the breach.
Change has posted an alternative notice on its website for customers to provide information to members and patients, noting that it does not have the addresses of every known victim.
Change has established a dedicated call center to provide information and resources, and provides a team of trained clinicians to provide support services to callers.
Individuals can visit Changecybersupport.com for more information and details about these resources or call the toll-free number at (866) 262-5342, Monday through Friday, 8 a.m. to 8 p.m. CT, where trained clinicians are also available to provide support services.
RansomHub Releases Florida DOH Data
With 100 gigabytes of data stolen from its network, Florida DOH employee records, prescription data, screening information and more, along with Social Security numbers, were exposed on a Tor-based leak site, Wee Securityk reported on Tuesday.
According to the article, RansomHub began releasing the stolen PII and PHI over the weekend, after the ransomware group’s July 5 deadline had passed.
The attack also disrupted the agency’s birth and death certificate issuance center. News4JAX reported that for births after June 28, the department is providing manual processing of birth certificates. For death certificates, a signature from a health care provider, along with a cause of death and a medical examiner’s signature are required to issue them.
LockBit attacks CAHl
Security issues Earlier this month, it was reported that LockBit was responsible for an attack on a nonprofit critical care provider in Illinois, the 25-bed Fairfield Memorial Hospital.
Fairfield has until July 17 to pay the ransom or see the stolen data made public on the dark web.
Andrea Fox is senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
The HIMSS Healthcare Cybersecurity Forum is scheduled to take place from October 31 to November 1 in Washington, D.C.
