Ransomware Gangs Claim to Have Attacked Health Plan and Healthcare Provider

Partnership Health Plan of California Getting back from Alleged Ransomware Attack

The nonprofit managed care health plan based in Fairfield, CA, Partnership Health Plan of California (PHC), experienced a cyberattack that resulted in the shut down of its IT systems for more than a week. On March 21, 2022, PHC began alerting regional healthcare clinics about the disruption of its IT systems, its website, and phone lines, and that efforts were in the process to re-establish its systems. A schedule for when IT systems would probably be back was not provided.

PHC didn’t mention in its notices what triggered the outage, however, it seems like a ransomware attack brought on by the Hive ransomware gang. The Hive ransomware gang claimed responsibility for the cyberattack as stated on its clear web and dark web pages and stated 400 gigabytes of data had been exfiltrated from PHC systems that contained 850,000 unique records of name, addresses, SSNs, dates of birth, and other data. That claim has since been deleted.

PHC has not confirmed whether ransomware was employed and the level to which plan members’ information was affected. PHC has about 618,000 health plan members within Northern California. The Hive ransomware group is identified to target the healthcare industry, having formerly performed ransomware attacks on Johnson Memorial Health and Memorial Health System last year.

Cancer and Hematology Centers of Western Michigan Encounters Ransomware Attack

Cancer and Hematology Centers of Western Michigan has lately announced that it suffered a ransomware attack last December 2021 that impacted a portion of its database. The medical provider mentioned it worked with a third-party IT and forensics company to investigate the breach and bring back its systems.

The breach investigation failed to find proof that suggests any patient data was misused, nevertheless, the areas of its systems that the attackers accessed contained parts of patients’ health records and workers’ Social Security numbers and bank account details.

Cancer and Hematology Centers of Western Michigan has commenced notifying affected persons and offered complimentary credit monitoring services. Steps were done to reinforce data security processes, which include decommissioning a number of servers, giving supplemental training to the employees, evaluating security policies and procedures, and contracting with a third-party firm to have to continue security monitoring.

The breach report was submitted to the HHS’ Office for Civil Rights as affecting 43,071 people.

LockBit Ransomware Gang Claims Responsibility for the Val Verde Regional Medical Center Attack

The LockBit ransomware gang has just posted information on its leak site about the theft of data during a ransomware attack on Val Verde Regional Medical Center located in Texas.

Lockbit has exposed around 400 MB of data on its site including information of over 96,000 patients. The files consist of details like names, birth dates, marital status, account numbers, patient ID numbers, addresses, email addresses, telephone numbers, employer addresses, guarantor names, referring physician names, medical insurance data, notes, and other details.

Val Verde Regional Medical Center has not affirmed whether the remarks of the Lockbit group are authentic and the breach is not shown yet on the HHS’ Office for Civil Rights breach website.

About Christine Garcia 1191 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA