Who:
HealthEC LLC, a healthcare tech firm, experienced a data breach affecting 4.5 million patients, including 17 healthcare service providers and state-level health systems.
What:
HealthEC's data breach exposed sensitive information like names, addresses, social security numbers, and medical records of 4.5 million individuals. The breach occurred between July 14 and 23, 2023.
Norton Healthcare, which runs eight hospitals and more than 30 clinics in Kentucky and Indiana, has admitted crooks may have stolen 2.5 million people's most sensitive data during a ransomware attack in May.
During the intrusion, the criminals accessed names, contact information, Social Security Numbers, dates of birth, and may have included may have also included driver's license and government ID numbers, financial account information, and digital signatures.
Health information, insurance information, and medical ID numbers belonging to former patients, employees, and employee dependents and beneficiaries was also at risk, according to a data breach disclosure filed with the Maine Attorney General's office.
The not-for-profit healthcare system said it discovered the security incident, later determined to be a ransomware infection, on May 9, two days after the intrusion.
"Our investigation determined that an unauthorized individual(s) gained access to certain network storage devices between May 7, 2023, and May 9, 2023,…
Ardent Health Services, a healthcare provider operating 30 hospitals across six U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday.
After the incident, it had to take its entire network offline, notify law enforcement, and hire external experts to investigate the attack's extent and impact.
"Ardent Health Services and its affiliated entities ("Ardent") became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack," the organization said on Monday.
"As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs."
Impacted hospitals are currently diverting all patients requiring emergency care to other hospitals in their area. However, they can still provide medical screening and stabilizing care to patients arriving at their emergency rooms.
There have been 209 publicly reported ransomware attacks on US health care organizations in 2023, up from 162 attacks in 2022, Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, told CNN on Friday.
CNN — A network of hospitals in East Texas has not been able to accept ambulances to emergency rooms sinc Thanksgiving Day because of a “potential[cyber]security incident,” a hospital spokesperson told CNN on Friday.The hospital network, UT Health East Texas, is operating using “established downtime procedures” as the hospital investigates “a potential security incident” and works to bring computers back online, spokesperson Allison Pollan said in an email.
Pollan did not respond to subsequent phone calls seeking more information on the incident and how the hospitals were responding. She declined to answer further questions over email.
Headquartered in Tyler, Texas, UT Health East Texas operates 10 hospitals and more than 90 clinics in the region, and provides health care to thousands of patients annually, according to its LinkedIn page.
The East Texas health care system is just the latest hospital group that has been forced to turn ambulances away because of an apparent cybersecurity incident. The last nine months alone have seen cyberattacks divert ambulances from hospitals in Connecticut, Florida, Idaho and Pennsylvania.
