In keeping with the warnings from Federal agencies at the end of 2020, healthcare continues to be pummeled by cyber attacks. Data was leaked from a medical center, health system and even an IT vendor with health sector clients.
The hackers attacked with ransomware and published some of the data after the IT vendor did not respond to their extortion demands. They claim to have far more stolen medical records, social security numbers, and other sensitive files – some of which is already posted for sale on the Dark Web.
Increasingly, these hackers are remaining on victims’ networks after gaining a foothold for days and sometimes weeks, gathering as much sensitive data before dropping the final ransomware payload.
In recent data dumps, some providers are not made unaware of the intrusions before the data is leaked online. A lawsuit was filed against a provider by patients seeking “redress for its unlawful conduct, and asserting claims for: negligence; negligence per se; invasion of privacy; breach of implied contract and fiduciary duty; and violation of the [State’s] Unfair and Deceptive Trade Practices Act…”
The patients also claim the provider maintained the data “in a reckless and negligent manner” and that the provider failed to properly monitor its network, system, and servers, which would have allowed them to discover the intrusion in a more timely manner.