Ransomware Attacks Reported by Hoya Optical Labs, Penn Foundation and Minnesota Community Care

Hoya Optical Labs Ransomware Attack Impacts Over 3,000 Patients

Hoya Optical Labs has begun sending notifications to some patients concerning a ransomware attack that potentially compromised some of their protected health information (PHI).

Hoya Optical Labs, which is located in Japan, stated that the attack affected its U.S. systems only. It is believed that the cybercriminal group identified as Astro Team conducted the attack. It professed on its blog that it stole about 300 GB of data before encrypting files. Some of that information was exposed on the internet.

Hoya Optical Labs detected the ransomware attack on April 5, 2021, though the breach of its systems initially occurred on March 15, 2021. The attack affected 3,259 patients’ data. The stolen information included the following types: names, addresses, telephone numbers, medical data, driver’s license numbers, Social Security numbers, payroll details, and usernames and passwords associated with financial accounts.

The provider already reported the attack to law enforcement and notified the affected persons. Steps were undertaken to enhance system security and governance procedures and current monitoring will be improved to help avert attacks in the future.

Penn Foundation Ransomware Attack in February 2021

Penn Foundation based in West Rockhill Township, PA is a nonprofit provider of behavioral health and substance abuse services that encountered a ransomware attack resulting in the theft of client data.

The provider discovered the cyberattack on February 10, 2021 when workers could not access their computers. An independent cybersecurity agency investigated the incident and did some remediation of the attack. It also confirmed that the attacker may have exfiltrated files that contain client data before using the ransomware for file encryption.

An analysis of the compromised systems revealed the inclusion of clients’ PHI, however, it is presently uncertain which of the 17,197 healthcare provider’s clients were impacted. Penn Foundation stated it did not pay any ransom.

Netgain Ransomware Attack on Minnesota Community Care

Minnesota Community Care (MCC) in St, Paul, MN lately announced that it was impacted by the ransomware attack on Netgain Technologies last November 2020. The cloud-based IT service provider discovered the attack on November 24, 2020, and informed MCC last February 25, 2021 regarding the inclusion of some of its data files that were accessed and exfiltrated during the attack.

MCC examined the data files and gave confirmation on April 30, 2021 that the compromised files included the personal data and PHI of 64,855 patients. The breached information included the patients’ full names plus at least one of the following data elements:

driver’s license number; Social Security number; government ID number; birth date; credit card/debit card; account password/CVN/PIN/access code/expiration date of debit card/credit card; diagnosis/diagnosis code; medical background/health condition/treatment/hospital unit/doctor name/date of service; patient account number; medical record number; Medicaid/Medicare number; medical insurance policy number; username/email address and password for the financial or non-financial electronic account.

There were no reports received of misuse of patient information. Impacted persons were informed on June 8, 2021, and those who had their Social Security number compromised were given a free membership to Experian’s credit monitoring service for one year.