Cyberattack on Proliance Surgeons
Surgical group Proliance Surgeons based in Seattle, WA has approximately 100 centers in Washington state. It sent notification letters to 437,392 persons about the potential theft of some of their protected health information (PHI) in a ransomware attack at the beginning of 2023. The breach notice posted on Proliance Surgeons’ website says that third-party cybersecurity specialists conducted a forensic investigation, which confirmed the extraction of some files from its system before executing file encryption.
On May 24, 2023, it was reported that files comprising patients’ PHI might have been viewed or obtained on February 11, 2023. During that time the number of affected individuals was uncertain. A thorough analysis was done of all files possibly viewed or stolen in the attack, which affirmed they included names along with at least one of these data elements: birth date, Social Security number, medical treatment data, medical insurance data, telephone number, email address, driver license or other ID data, financial account number, and usernames and passwords.
Proliance Surgeons took action immediately to secure patients’ personal data and cybersecurity procedures were enhanced. There is at least one lawsuit that was filed versus Proliance Surgeons because of the breach.
MOVEIt Transfer Hack Impacts 240,000 Individuals from Medical College of Wisconsin
The Medical College of Wisconsin (MCW) has reported the theft of the PHI of 240,667 persons by the Clop hacking group after exploiting a zero-day vulnerability identified in the MOVEit Transfer solution by Progress Software. MCW was informed on May 31 by Progress Software, applied the patch and recommended mitigation procedures, however, the vulnerability was already exploited on or about May 27, 2023.
MCW conducted a forensic investigation and document analysis, which was finished on or about September 21, 2023. It was confirmed that the stolen information contained full names, birth dates, Social Security numbers, government ID/driver’s license numbers, financial account data, patient account/medical record number(s), medical diagnosis/treatment details, names of medical provider, laboratory results, prescription data, and medical insurance details.
MCW began sending notification letters to the impacted persons on November 14, 2023. Those whose Social Security numbers were stolen received free credit monitoring and identity theft protection services.
Ransomware Attack and Data Theft in Rock County, Wisconsin
Legal Counsel for Rock County in Wisconsin has sent notification letters regarding a cyberattack and data theft that impacted 25,823 persons. Based on the notification letters, suspicious activity was discovered in its computer network on or about September 29, 2023. The forensic investigation affirmed that unauthorized persons got access to its system from September 22, 2023, to September 30, 2023, and at that period, obtained selected files from its system.
An analysis of the impacted files was started to find out the persons impacted and the types of information stolen during the attack. That analysis is in progress, but it was confirmed that the information affected contained names and Social Security numbers. Free credit monitoring services were provided to the impacted persons.
There was no mention of the nature of the attack, though it was stated that the attack involved theft of data. It was confirmed later that the incident was a ransomware attack conducted by the Cuba ransomware group, which added Rock County to the listing in its data leak website. Victims are hence instructed to use the credit monitoring services being provided.
Cyberattack on Capital Health’s New Jersey Hospitals
Capital Health has started investigating a cybersecurity attack that resulted in a network shutdown at the beginning of December. Governing authorities were informed and third-party cybersecurity professionals were involved to find out the extent of the breach.
Capital Health manages two hospitals in New Jersey, Capital Health Regional Medical Center in Trenton and Capital Health Medical Center in Hopewell, and also an outpatient facility located in Hamilton Township. The IT team of Capital Health took prompt action to control the incident and stop further unauthorized network access and it is presently working 24 / 7 to restore systems and data on the internet.
Capital Health operations are under arranged downtime procedures while electronic systems access isn’t possible, with patient data written on paper charts. Capital Health stated it continues to provide patient care and it has kept its emergency rooms open, though it was required to change some elective surgical and treatment schedules. Some patients’ surgeries were deferred, though the effect on surgery schedules is currently minimal. Capital Health stated that outpatient radiology is not available. It had to reschedule its neurophysiology and non-invasive cardiology testing. The schedule of all surgeries is made according to urgency and the critical condition of the patient.
Capital Health cannot give a time frame for the recovery process. Most likely, operations will continue to be on limited systems for the following week. There is no mention of the nature of the attack and, at this point of the investigation, it cannot be determined yet to what degree, if any, patient information was impacted. Capital Health stated no proof of unauthorized data access or data theft was found at the moment. Additional details about the incident will be provided as the investigation moves along.
This is New Jersey’s second major cyberattack on hospitals since Thanksgiving Day. Hackensack Meridian Health reported a network outage that impacted two hospitals, Hackensack Meridian Pascack Valley Medical Center in Westwood and Hackensack Meridian Mountainside Medical Center in Montclair. The two hospitals have a joint venture with Ardent Health Services, which encountered a ransomware attack that impacted several hospitals.