Octapharma Plasma Donation Centers Shut Down While Investigating Ransomware Attack
The Swiss pharmaceutical company Octapharma Plasma experienced a cyberattack that affected systems at 190 plasma donation centers in 35 U.S. states. Those donation centers were closed while the organization dealt with the cyberattack and attempted to bring the affected systems back online.
Octapharma discovered suspicious activity inside its systems on April 17, 2024. An unauthorized third party had compromised its network and disrupted some areas of its operations. Third-party cybersecurity specialists investigated the attack to determine its impact. At this time, Octapharma has no additional information concerning the attack, for example, whether ransomware was used to encrypt files. More information will be provided as the investigation progresses.
Because critical IT systems are inaccessible, donors cannot visit its plasma donation centers. The plasma collected at its U.S. facilities is delivered to its European production plants and is used to make life-saving treatments. The disruption to the plasma supply threatens manufacturing at its EU-based centers, given that 75% of the plasma used in its therapies is obtained from donors in the U.S.A.
A reporter at The Register spoke with a source informed about the incident, who stated that the BlackSuit ransomware attack happened on April 15, 2024. BlackSuit is a recent ransomware operation identified in May 2023. The group has commonalities with the Royal ransomware group, which followed the Conti ransomware operation. The Register's source said that the BlackSuit ransomware group exploited vulnerabilities to obtain access to Octapharma’s VMware networks and encrypted files.
In November 2023, the Health Sector Cybersecurity Coordination Center (HC3) warned the healthcare and public health sector about BlackSuit ransomware. HC3 stated that the group appears to carry out indiscriminate attacks on various industry sectors, including healthcare, business technology, manufacturing, business retail, and government. The BlackSuit group uses double extortion tactics: it steals data and publishes it on its data leak site when no ransom is paid. As of April 22, 2024, Octapharma is not listed on the group’s data leak website.
26,663 Individuals Affected by Kisco Senior Living Ransomware Attack
Kisco Senior Living, based in Carlsbad, CA, manages 20 senior living communities in 6 U.S. states. According to the notification letters sent to affected individuals in April 2024, the company discovered a cyberattack on June 6, 2023, after noticing a disruption in its network. A cybersecurity company investigated the incident and learned that unauthorized individuals had accessed its systems and copied files containing the personal data of residents. It took over 10 months to identify the types of data exposed and the number of people affected.
According to the notification to the Maine Attorney General, the breached data contained names and Social Security numbers and affected 26,663 people. Kisco Senior Living stated that additional security measures were applied to prevent similar breaches in the future. The affected individuals were offered a year of free credit monitoring services, including an identity fraud loss reimbursement policy with $1 million in coverage.
Email Account Breach at University of Wisconsin Hospitals and Clinics Authority
The University of Wisconsin Hospitals and Clinics Authority (UW Health) gave an update on a breach discovered at the end of 2023. UW Health noticed suspicious activity in an employee’s email account and reset the password to stop further unauthorized access. A third-party cybersecurity company investigated the breach and confirmed on January 5, 2024, that an unauthorized person accessed the email account at various times from September 20, 2023, to December 5, 2023. The hacker viewed several emails in the account and potentially stole data.
The account was reviewed to determine which individuals were affected and what types of data were compromised. The analysis was completed on February 9, 2024, and confirmed that the account included names, birth dates, health record numbers, and clinical data such as dates of service, names of providers, and diagnoses. The email messages did not include any Social Security numbers, medical insurance ID numbers, or financial data. As required by HIPAA, the breach was reported to the HHS’ Office for Civil Rights as affecting 85,902 individuals.
The affected individuals were notified about the breach. Although UW Health did not find any evidence of patient data misuse, patients were instructed to be cautious about any emails that claim to be from UW Health or any healthcare provider, to monitor their billing statements, and to report any charges for services that were not received. UW Health also stated that users of the UW Health MyChart website had previously been targeted by scams using fake websites, and it advised all patients to be watchful when calls or emails ask for personal data. Scammers may pose as UW Health workers when calling individuals by phone, may send phishing SMS messages that ask for login credentials or link to malicious web addresses, or may send phishing emails that misuse UW Health logos.