Cyberattack on Financial Asset Management Systems, The Harris Center for Mental Health, Munsen Healthcare and St. Bernards Healthcare

Financial Asset Management Systems and The Harris Center for Mental Health have announced that they experienced ransomware attacks. Munsen Healthcare is looking into a cyberattack on Munsen Healthcare Otsego Hospital. St. Bernards Healthcare has reported the compromise of patient data in a MOVEit Transfer hack.

165,000 Patients Impacted by Ransomware Attack on Financial Asset Management Systems

Business management consultancy and debt collection company Financial Asset Management Systems (FAMS) has submitted a data breach report to the HHS’ Office for Civil Rights indicating that 164,796 patients were affected. In its substitute breach notice, FAMS said it experienced a network interruption that made selected files on its system inaccessible. The forensic review and analysis of the breached files was finished on August 31, 2023. It was confirmed that the breached data contained names, billing account numbers, expenses paid, payable balances, and the name of the impacted FAMS customer. The impacted people were informed on October 20, 2023, and were offered credit monitoring and identity theft protection services.

Ransomware Attack on Harris Center for Mental Health

The Harris Center for Mental Health, based in Texas, has encountered a ransomware attack. The healthcare provider detected the attack on November 7, 2023, because employees could not access patient files. The system was quickly deactivated to contain the damage. Cybersecurity experts assisted with the system restoration and investigation.

According to The Harris Center for Mental Health, it continued to provide patient care, but there were inevitable delays because electronic systems were inaccessible. At this stage of the investigation, it is uncertain if patient information was compromised.

This is The Harris Center for Mental Health’s second major attack this year. In May 2023, a vulnerability in the MOVEit Transfer solution used by the company was exploited, which led to unauthorized access to sensitive information and the theft of the protected health information (PHI) of 599,367 persons.

Cyberattack at Munsen Healthcare Otsego Hospital

Munsen Healthcare has reported that it is looking into a cyberattack encountered by Munsen Healthcare Otsego Hospital located in Gaylord, MI. Munsen Healthcare stated that it shut down its computer systems because of the security breach and that a third-party cybersecurity firm conducted a forensic investigation to find out the nature and extent of the cyberattack.

Information concerning the nature of the cyberattack, for instance, whether this involved ransomware/extortion, was not publicly revealed, and it is not yet determined whether patient information was viewed or stolen.

89,500 St. Bernards Healthcare Patients Affected by Business Associate Data Breach

St. Bernards Healthcare, Inc. based in Jonesboro, AR is a health system that caters to southeast Missouri and northeast Arkansas. The company recently reported the exposure of the PHI of 89,556 patients in a data breach that occurred at a third-party vendor.

St. Bernards Healthcare chose Welltok Inc. as a provider of its online contact management platform. The platform was employed to pass on important news and communications via Tea Leaves Health LLC, its subsidiary. Welltok employed the MOVEit Transfer solution of Progress Software, which had a zero-day vulnerability that was patched on May 31, 2023; nonetheless, the vulnerability had already been exploited on the 30th of May. Welltok found out it was impacted by the mass vulnerability exploitation on July 26, 2023, and based on the results of its investigation released on August 11, 2023, sensitive information was extracted in the attack.

St. Bernards Healthcare received a breach notification from Welltok on September 14, 2023, and learned about the extent of the breach on October 18, 2023. The data stolen during the attack contained names, addresses, birth dates, email addresses, telephone numbers, patient ID numbers, medical insurance data, Social Security numbers, names of providers, and medical treatment/diagnosis data. Welltok began notifying the impacted persons on November 13, 2023.

NoEscape Ransomware Group Attacks 2 Healthcare Companies

The NoEscape ransomware group has stated it is behind the attacks on two healthcare companies, Carespring in Loveland, OH and Southeastern Orthopaedic Specialists in Greensboro, NC. NoEscape says it extracted 364 GB of information from Carespring and 3 GB of information from Southeastern Orthopaedic Specialists. The group threatened its victims that it would expose the stolen data on its leak site if they did not pay the ransom demands. In addition to encrypting, stealing, and leaking data, the NoEscape group frequently performs DDoS attacks when victims do not make an effort to negotiate. The group boasts of having executed the attack on Southeastern Orthopaedic Specialists. At the moment, there is no data leak, and no organization has publicly announced a data breach or cyberattack.

84K Sutter Health Patients Impacted by Cyberattack on Business Associate

Sutter Health, a healthcare company in Northern California, has recently announced the compromise of patient information during a hacking incident at Virgin Pulse, its business associate. Virgin Pulse got access to patient data as it manages Sutter Health’s important notices and messages to patients.

Virgin Pulse employed the MOVEit Transfer file transfer tool of Progress Software, which had a vulnerability that the Clop Group exploited. On May 31, a patch was made available by Progress Software. Virgin Pulse quickly applied the patch and performed the advised mitigation measures; nevertheless, the vulnerability had already been exploited. Over 2,300 companies had been affected by the vulnerability exploitation. The attacker stole the data of over 60 million people, which included the information of 845,441 patients of Sutter Health.

Virgin Pulse notified Sutter Health about the impact of the hack on September 22, 2023, which is about 4 months after the occurrence of the cyberattack. Sutter Health only obtained the final report on October 24, 2023. The breached information contained names, birth dates, medical insurance data, provider names, treatment cost data, and diagnoses/treatment details. Sutter Health stated the impacted persons received offers of free credit monitoring and identity theft protection services for one year.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News.