
Illinois Public Health Website Hit With Ransomware Amid Coronavirus

Hackers infected an Illinois Public Health provider website with ransomware during the coronavirus pandemic; Maze Team exploits, phishing, malware, and a PACS incident complete this week’s breach roundup.

Hackers infected the website of Champaign-Urbana Public Health District in Illinois with NetWalker ransomware amid the coronavirus pandemic, according to local news outlet The News Gazette.

The NetWalker, or Mailto, variant was named for the extension appended to the files impacted by the ransomware. First spotted in August 2019, the malware attempts to impersonate the "Sticky Password" software. According to SentinelLabs Head Vitali Kremez, the ransomware’s configuration is detailed and sophisticated.

For CU Public Health, the attack was first discovered early last week when employees were unable to access system files. The provider contacted the FBI and the Department of Homeland Security, while working with a consulting firm to restore the website and investigate the scope of the incident.

Fortunately, the provider moved email accounts, environmental health records, and electronic patient health information to the cloud six months ago, so they have not been impacted by the ransomware. The district employs secure Wi-Fi, and employees are able to use their laptops for work. As a result, patient care has been able to continue.

Officials said they hope the website will be restored by early this week. For now, patients are being directed to CU Public Health’s social media page for updates on the virus, as the provider works with local governments to provide vital information to patients.

Maze Hackers Claim AffordaCare Urgent Care Clinic

AffordaCare Urgent Care Clinic, a walk-in clinic network in Texas, was attacked by the Maze Team hackers, who claimed to have exfiltrated over 40 GB of data, including health information, according to DataBreaches.net.

The attack appears to have occurred on February 1, and the hackers added the stolen data to their website after the provider refused to pay the ransom demand. Maze hackers are notorious for posting the data from their victims, with several from the healthcare sector.

The posted data includes employee payroll data, patient contact information, medical histories, billing details, diagnoses, billing information, and insurance policy information, among other details.

Currently, the information is still posted on the hackers’ website, and the breach does not appear on the Department of Health and Human Services’ breach reporting tool.

Malware Attack on Randleman Eye Center

North Carolina-based Randleman Eye Center is notifying patients that their data was potentially breached after a malware infection.

On January 13, officials said they discovered the cyberattack on some of the center's systems, which encrypted some files, including a server containing protected patient health information. The data included names, dates of birth, genders, and digital retinal images.

The provider is continuing to work with a third-party forensics firm to investigate the source and scope of the incident, while determining ways to mitigate the risk of future attacks.

Northeast Radiology PACS Breach

New York’s Northeast Radiology and its healthcare management service vendor Alliance HealthCare Services are notifying 29 patients that their data was potentially breached after hackers gained access to its picture archiving and communication system (PACS).

Reports have shown PACS systems are incredibly vulnerable, with billions of medical images left exposed to the internet. These platforms are used to archive medical images and share images with other providers.

On January 11, Alliance notified Northeast Radiology of the security incident and launched an investigation. Officials said they found the impacted records could include names, genders, dates of birth, exam descriptions, dates of service, images, image descriptions, and for some, corresponding Social Security numbers.

The provider is currently evaluating its systems and processes to bolster its cybersecurity posture.

2019 Phishing Attack on Cheyenne Regional Medical Center

Several employees of Cheyenne Regional Medical Center in Wyoming fell victim to a phishing attack, which potentially gave hackers access to those accounts for more than a week in 2019.

Officials first reported the incident on March 11, but the attack occurred between March 27 and April 8, 2019. The attack was not discovered until April 12, 2019. An investigation was launched upon discovery, which concluded in August 2019.

It’s an important reminder that HIPAA covered entities must report breaches within 60 days of discovery.

The investigation revealed that some of the patient data was potentially viewed during the attack. The compromised data varied by patient, but could include names, provider names, medical record numbers, patient ID numbers, credit card information, financial account data, medical information, diagnoses, treatments, and health insurance information, among other sensitive details.

CRMC has since strengthened the security of its systems and email accounts.
