canjoena - stock.adobe.com

Care New England Resolves Weeklong Cyberattack Impacting Servers

Care New England has been investigating a cyberattack on its systems for nearly a week, which shut down its website: ransomware hackers post healthcare data, a phishing incident, and email hack complete this week’s breach roundup.

Rhode Island-based Care New England (CNE) has fully recovered from a cyberattack that hit its servers nearly a week ago on June 16, which drove the provider to EHR downtime and forced the shutdown of its website, according to local news outlet Providence Journal.

At 5:30PM on Tuesday, the health system’s website went down. The displayed message said the page could not load due to an internal server error. At the time, CNE officials said it was due to a data security incident.

An outside IT security firm was employed to assist with the investigation into the scope of the incident and bring systems back online “in a prioritized way.” By Friday, officials confirmed the health system fell victim to a cyberattack.

A CNE spokesperson said they’ve currently found no evidence patient information was compromised in the incident, but the investigation is ongoing. Further, CNE’s payroll system was affected by the cyberattack, and some minor procedures were delayed during the incident.

By Monday morning, CNE confirmed its email, website, and other internal systems are now back to normal, and they are continuing to investigate.

Ransomware Hackers Post Alleged Healthcare Data

Over the last week, the NetWalker ransomware hacking group posted alleged healthcare data from two providers: Lorien Health Services and Crozier Keystone Health System.

The NetWalker ransomware actors have followed the path of the Maze hacking group, which first infiltrates a victims’ network to steal sensitive data before deploying a ransomware payload. The hackers then attempt to extort victims by threatening to post the stolen data for sale on the dark web.

Hospitals and other covered healthcare entities have remained prime targets for these types of attacks, while NetWalker recently expanded its operations to target healthcare entities.The FBI recently alerted to a rise in what’s now being called double extortion attacks.

While it can be difficult to confirm these cyberattacks -- at times the hackers mislabel or misidentify its victims -- HealthITSecurity.com reviewed screenshots of the alleged stolen data from these victims containing multiple folders.

According to the dark web posting, the hackers gave Crozier and Lorien a week to pay the ransom demands, threatening to publish the data if the providers do not pay.

DataBreaches.net was able to confirm with Crozier that the health system recently faced a malware attack, which was isolated. But officials did not mention NetWalker, or another ransomware incident.

Phishing Attack on Gateway Health Business Associate

Pennsylvania-based Gateway Health is notifying an undisclosed number of patients that their data was compromised after a phishing attack on their business associate, National Imaging Associates. Gateway Health uses NIA to review imaging services’ orders.

NIA discovered its systems were breached on April 11, which allowed an attacker to gain access to its email system. The investigation determined the access occurred after an employee responded to a phishing email, which gave the unauthorized user access to emails.

The hacker then leveraged the compromised account to send additional phishing emails. The affected emails included information from Gateway Health members, such as names, plan ID numbers, dates of birth, health plan information, payments, and treatments. Impacted members will receive a year of free credit monitoring services.

NIA officials said they’ve since updated system security.

Sunrise Treatment Center Email Hack

A hacker gained access to an email account of an employee of the Sunrise Treatment Center in Cincinnati in February, which potentially compromised the data of about 3,660 patients.

The email hack was first discovered on February 27 but access began the prior day. Officials completed their investigation on April 15, finding the compromised account contained a trove of patient data, such as medications, treatments, some Social Security numbers, birthdates, account balances, and the like.

Some patient data was potentially accessed, but officials said they believe the attack’s purpose was designed to dupe employees into wiring money to a foreign account. In fact, Sunrise detected a fraudulent wire transfer and was able to stop the transfer before the money left the system.

Sunrise will provide patients will a year of free credit monitoring services and has since engaged with a third-party specialist for a security assessment and implementation of security safeguards.

Next Steps

Dig Deeper on Healthcare data breaches