Care New England Resolves Weeklong Cyberattack Impacting Servers

Care New England has been investigating a cyberattack on its systems for nearly a week, which shut down its website; ransomware hackers posting healthcare data, a phishing incident, and an email hack complete this week’s breach roundup.

Rhode Island-based Care New England (CNE) has fully recovered from a cyberattack that hit its servers nearly a week ago on June 16, which drove the provider to EHR downtime and forced the shutdown of its website, according to local news outlet Providence Journal.

At 5:30 PM on Tuesday, the health system’s website went down. The displayed message said the page could not load due to an internal server error. At the time, CNE officials said it was due to a data security incident.

An outside IT security firm was employed to assist with the investigation into the scope of the incident and bring systems back online “in a prioritized way.” By Friday, officials confirmed the health system fell victim to a cyberattack.

A CNE spokesperson said they’ve currently found no evidence patient information was compromised in the incident, but the investigation is ongoing. Further, CNE’s payroll system was affected by the cyberattack, and some minor procedures were delayed during the incident.

By Monday morning, CNE confirmed its email, website, and other internal systems were back to normal, and officials are continuing to investigate.

Ransomware Hackers Post Alleged Healthcare Data

Over the last week, the NetWalker ransomware hacking group posted alleged healthcare data from two providers: Lorien Health Services and Crozier Keystone Health System.

The NetWalker ransomware actors have followed the path of the Maze hacking group, which first infiltrates a victim’s network to steal sensitive data before deploying a ransomware payload. The hackers then attempt to extort victims by threatening to post the stolen data for sale on the dark web.

Hospitals and other covered healthcare entities have remained prime targets for these types of attacks, while NetWalker recently expanded its operations to target healthcare entities. The FBI recently warned of a rise in what are now being called double extortion attacks.

While it can be difficult to confirm these cyberattacks -- at times the hackers mislabel or misidentify their victims -- HealthITSecurity.com reviewed screenshots of the alleged stolen data from these victims containing multiple folders.

According to the dark web posting, the hackers gave Crozier and Lorien a week to pay the ransom demands, threatening to publish the data if the providers do not pay.

DataBreaches.net was able to confirm with Crozier that the health system recently faced a malware attack, which was isolated. But officials did not mention NetWalker, or another ransomware incident.

Phishing Attack on Gateway Health Business Associate

Pennsylvania-based Gateway Health is notifying an undisclosed number of patients that their data was compromised after a phishing attack on their business associate, National Imaging Associates. Gateway Health uses NIA to review imaging services’ orders.

NIA discovered its systems were breached on April 11, which allowed an attacker to gain access to its email system. The investigation determined the access occurred after an employee responded to a phishing email, which gave the unauthorized user access to emails.

The hacker then leveraged the compromised account to send additional phishing emails. The affected emails included information from Gateway Health members, such as names, plan ID numbers, dates of birth, health plan information, payments, and treatments. Impacted members will receive a year of free credit monitoring services.

NIA officials said they’ve since updated system security.

Sunrise Treatment Center Email Hack

A hacker gained access to an email account of an employee of the Sunrise Treatment Center in Cincinnati in February, which potentially compromised the data of about 3,660 patients.

The email hack was first discovered on February 27 but access began the prior day. Officials completed their investigation on April 15, finding the compromised account contained a trove of patient data, such as medications, treatments, some Social Security numbers, birthdates, account balances, and the like.

Some patient data was potentially accessed, but officials said they believe the attack was designed to dupe employees into wiring money to a foreign account. In fact, Sunrise detected a fraudulent wire transfer and was able to stop the transfer before the money left the system.

Sunrise will provide patients with a year of free credit monitoring services and has since engaged with a third-party specialist for a security assessment and implementation of security safeguards.
